FAQ

Which AI clients support MCP?

Claude Desktop, Cursor, Windsurf, and any client that implements the Model Context Protocol spec. The list is growing — check the MCP ecosystem for up-to-date compatibility.

Do I need a QualiBooth subscription to use the MCP server?

Yes. You need a valid QualiBooth account. When you first use a tool, a browser login page will open — sign in with your QualiBooth credentials or via OAuth (Microsoft or Google). No API token is required.

Can multiple team members use the MCP server?

Yes. Each team member logs in with their own QualiBooth credentials, so access is managed individually through their account.

Are there rate limits?

The MCP server respects the same rate limits as the QualiBooth REST API. If you hit limits, wait a moment and retry.

What functionality does the MCP server cover?

The MCP server gives you access to the same functionality available in the portal's scheduled scanning module — managing organizations, projects, scan configurations, and scan runs. Other portal modules are not exposed via MCP.

How do I audit a site for accessibility issues?

Follow this sequence:

1. get_organizations — pick the organization that owns the site
2. get_projects (optionally pass a search keyword to filter by name) — pick the project
3. list_scan_configs — pick the scan configuration you want to inspect
4. list_scan_runs — pick the most recent completed run
5. list_urls_in_run (sort by high,DESC) — identify the worst-scoring pages
6. get_scanned_url_details — get full rule-level violations for a specific page, split by mobile and desktop

How do scan scores work?

Scores range from 0 to 100 — higher is better. Each scan run produces separate desktop and mobile scores. Individual scanned URLs also receive their own score based on the violations found.

What are the violation severity levels?

Violations are classified into four levels, from most to least severe:

critical → high → medium → low

Results from list_urls_in_run and get_scanned_url_details break down violations by these levels for both mobile and desktop.

How do I stop all scanning on a project?

1. list_scan_configs — retrieve all scan configuration UUIDs for the project
2. update_scan_config with "status": "INACTIVE" for each one

To re-enable, call update_scan_config with "status": "ACTIVE".

How do I disable all URLs in a scan configuration?

1. list_scan_config_urls — paginate through all pages to collect every URL UUID (page is 0-indexed, default count is 25)
2. patch_scan_config_urls — send all UUIDs in a single call with "enabled": false

The response returns the number of updated URLs: { "updated": 100 }.

A scan run shows running: true — is something wrong?

No. running: true means the scan is still in progress and finishedAt will be null until it completes. Wait for the run to finish before fetching results.