Assist is a platform where teams can build, host, and deploy internal AI software and agents in one place — giving companies a safe, controlled environment to standardize workflows and improve operations.

What are sandcastles?

Sandcastles are purpose-built internal apps created by non-technical teams on the Assist platform. They allow employees to build custom tools and workflows without engineering resources.

How much does Assist cost?

Assist uses pay-as-you-go pricing: provider costs + 5%, $0.17 per 1k tool calls, with no seat fees. Enterprise custom pricing is also available.

Do we need engineers to use Assist?

No. Assist is designed for non-technical teams to build and deploy AI tools. Engineers can use it too, but it doesn't require engineering resources to get started.

Authorizing an MCP Client

This guide explains what happens when an external AI client connects to your MCP server for the first time and how to approve or deny the connection.

Before you begin

You must have already created an MCP server and provided its URL to the client application. See Creating an MCP server.
You must be signed in to your workspace in the browser. If you are not signed in, you are redirected to the login page first and then returned to the authorization screen.

Steps

1. The client initiates a connection

When you configure your AI client with the MCP server URL and it attempts to connect, your browser opens an authorization page. This page is titled Authorize Application.

2. Review the request

The authorization page shows:

The name of the application requesting access (for example, "Claude Desktop").
The name of your MCP server that the application wants to access.
A list of tools the application will be able to call, each with its name and description.
The scope of access being requested (displayed as a label, such as "mcp:tools").

Review this information to confirm you recognize the application and are comfortable granting it access to the listed tools.

3. Approve or deny

Click Approve to grant the application access. The page briefly shows "Authorizing..." while the request is processed, then you are redirected to a confirmation page or back to the application.

Click Deny to reject the request. The application is notified that access was denied and cannot call your tools.

4. Authorization complete

After approving, you see an Authorization Complete page confirming the application has been granted access. If the authorization page opened in a popup window, click Close Tab to close it. Otherwise, you can navigate away or close the tab manually.

The client now has a time-limited token and can begin calling your tools. Tokens are automatically refreshed by the client, so you typically do not need to re-authorize.

If you see an error

Errors appear as a message at the top of the authorization page. Common errors include:

"The application redirect URL is no longer valid." -- The application's callback address has changed. Ask the application developer to update their configuration.
"This authorization request expired." -- The request took too long. Return to the application and try connecting again.
"You must be signed in to continue." -- Sign in to your workspace and try again.
"You do not have access to this MCP server." -- You can only authorize connections to servers you created.

For more issues, see Troubleshooting.