# PromptFax auth.md

PromptFax supports agent registration for its remote MCP server.

## Audience

This document is for MCP-capable agents and connector hosts that need to register an OAuth client and call PromptFax MCP tools.

## OAuth metadata

- Authorization server metadata: https://promptfax.app/.well-known/oauth-authorization-server
- Protected resource metadata: https://promptfax.app/.well-known/oauth-protected-resource/mcp
- Registration endpoint: https://promptfax.app/register
- Authorization endpoint: https://promptfax.app/authorize
- Token endpoint: https://promptfax.app/token
- Revocation endpoint: https://promptfax.app/revoke

## Supported flow

- Dynamic client registration is available through the registration endpoint.
- Authorization code with PKCE uses `code_challenge_method=S256`.
- Supported scopes are `mcp:tools` and `offline_access`.
- Bearer access tokens are sent in the `Authorization` header.
- PromptFax tools require explicit user review before payment and fax transmission.

## MCP resource

- MCP endpoint: https://promptfax.app/mcp
- MCP server card: https://promptfax.app/.well-known/mcp/server-card.json
- Tool catalog: https://promptfax.app/mcp-tools.json