MCP — Using Picasi in the AI Assistant
What Is MCP?
The Model Context Protocol (MCP) is an open protocol that defines how AI assistants access external tools and data. Instead of each provider having to build its own integration, everyone follows the same standard.
Claude Code, Claude.ai, ChatGPT, and other assistants that support MCP can connect to any MCP-compatible service—and Picasi is one of them.
Why Picasi Implements MCP
Competitive monitoring becomes truly useful when the information is available right where you’re working—not in a separate app that you have to open just for that.
If you’re writing a competitive analysis in Claude and want to know in the middle of your work what Muster AG communicated last week, just ask Claude. Claude queries Picasi via MCP in the background—and you see the data immediately in the chat, without switching contexts.
That’s the real advantage of MCP: Picasi data flows into your existing AI workflow, rather than forcing you to use a separate one.
How the Connection Works
There are two ways to connect Picasi to an AI assistant:
API token — for Claude Code, Cursor, and your own agents. You create a token in Picasi, enter it into the assistant’s configuration, and it has access right away. The token has a role that determines the scope of access.
OAuth — for Claude.ai and ChatGPT. You authorize the assistant directly through your Picasi account, without token management. The connection is tied to your personal account.
What the Assistant Can Do
With read access, the assistant can:
- Search for and read updates
- List sources and channels
- Retrieve reports
- Query the team context (AI context)
With write access (admin token or OAuth with the “write” scope), the assistant can also:
- Create, edit, and delete sources
- Create, edit, and deactivate channels
- Create and edit tags
OAuth Scope Level
When you set up an OAuth connection—for example, with Claude.ai or ChatGPT—you select an authorization level (Authorization Level) during the authorization step. This level acts as a cap: it limits what the assistant is allowed to do via this connection, regardless of your role in the workspace.
| Level | Allowed | Not allowed |
|---|---|---|
| Read-only | Read updates, retrieve sources and reports, query team context | Create, edit, or delete sources or channels |
| Read & Write (Default) | Everything from Read-only plus manage sources, channels, and inbox | Manage team settings and AI settings |
| Admin | All MCP operations, including team settings | Manage billing |
The levels you can select are limited by your own workspace role. A member without admin privileges will not see the Admin option.
The selected scope remains permanently tied to the connection. After authorization, it appears as a badge in the connection list. To change the scope, the connection must be revoked and set up again.
Recommendation: Choose the scope that is sufficient for your specific use case—in other words, no more access than necessary. For simple queries and analyses, Read-only is sufficient.
How Long Is a Connection Valid?
API tokens do not have an expiration date. They remain valid until you revoke them in Picasi under Settings → API Tokens or until the associated member leaves the workspace. A revoked token becomes invalid immediately; a new one must be generated and stored in the client.
OAuth connections use two tokens:
- An access token, which is valid for a short time and authorizes individual tool calls.
- A refresh token, which remains valid as long as the connection exists—the client exchanges it in the background for fresh access tokens.
As long as the assistant accesses the service regularly, it renews itself. If the connection remains unused for more than about two weeks, the refresh token may expire—in this case, the assistant will display an authorization error, and you’ll need to reconfigure the connection via Settings → Connect AI Assistant.
Connecting Multiple Workspaces Simultaneously
If you have multiple Picasi workspaces (e.g., an agency with multiple client accounts), you can create a separate connection for each workspace.
- API Token: Generate a separate token for each workspace. In the client configuration, list each token under its own MCP server name (
picasi-kunde-a,picasi-kunde-b). The assistant will then recognize the tools as separate sets. - OAuth: For Claude.ai and ChatGPT, you can usually keep only one connection active per provider. For agencies, we recommend using the API token method with dedicated server names.
The get_team_context call always displays in the team.name field which workspace the assistant is currently working on—this prevents any confusion.
Security and Control
You remain in control. Every connection is visible in Picasi under AI Connections. You can revoke them individually at any time—immediately and without any residual effects.
Tokens are role-restricted: a reader token cannot create sources, regardless of how the assistant uses it. For OAuth connections, the selected scope also serves as a limit.