Snowflake MCP Client Setup
EntryLayer publishes a Snowflake-managed MCP server named API.ENTRYLAYER_MCP from the installed Native App. The server exposes a curated set of tools that delegate to the same admin-only SQL API used by HELP(), AGENT_MANIFEST(), and the documented API.* procedures.
There is no custom EntryLayer MCP runtime, no provider-owned egress, no external access integration, and no network rule. Snowflake hosts the MCP transport and invokes app-owned SQL procedures.
When to use this guide
Section titled “When to use this guide”Use this guide when:
- an admin wants Cortex Code or another MCP-compatible client to call EntryLayer tools
- you need the endpoint URL for an installed app
- OAuth setup failed with a dynamic client registration error
- Cortex found the SQL API but did not load MCP tools
For most customer workflows, start with Cortex SQL API Skill instead. It works directly in Snowsight and Cortex through SQL calls and does not require MCP client configuration.
Prerequisites
Section titled “Prerequisites”Before configuring an MCP client, confirm:
- the installed app has created
API.ENTRYLAYER_MCP - your Snowflake role has the installed app’s
ENTRYLAYER_ADMINapplication role - your Snowflake user has a default role and default warehouse
- the MCP client supports HTTP MCP transport
- the MCP client can use a pre-registered OAuth client
Snowflake-managed MCP servers use OAuth 2.0 and do not support dynamic client registration. If your client omits client_id, it may try dynamic registration and fail before EntryLayer tools load.
Verify the server
Section titled “Verify the server”Run these checks from a Snowflake role that can inspect the installed app:
SHOW MCP SERVERS IN SCHEMA ENTRYLAYER.API;DESCRIBE MCP SERVER ENTRYLAYER.API.ENTRYLAYER_MCP;SHOW GRANTS ON MCP SERVER ENTRYLAYER.API.ENTRYLAYER_MCP;Replace ENTRYLAYER with the installed app name if it is different.
Expected posture:
ENTRYLAYER_MCPexists in the installed app’sAPIschema.USAGEis granted to theENTRYLAYER_ADMINapplication role.- There is no grant to
ENTRYLAYER_USER.
Endpoint format
Section titled “Endpoint format”Use this HTTP endpoint:
https://<account_url>/api/v2/databases/<installed_app>/schemas/API/mcp-servers/ENTRYLAYER_MCPFor example, if the installed app is ENTRYLAYER:
https://<account_identifier>.snowflakecomputing.com/api/v2/databases/ENTRYLAYER/schemas/API/mcp-servers/ENTRYLAYER_MCPUse the account URL shown by Snowsight or your Snowflake connection profile. Do not use a snowflake:// URL.
Create the OAuth client
Section titled “Create the OAuth client”An account admin must create a Snowflake OAuth security integration for the MCP client.
USE ROLE ACCOUNTADMIN;
CREATE OR REPLACE SECURITY INTEGRATION ENTRYLAYER_MCP_CLIENT TYPE = OAUTH OAUTH_CLIENT = CUSTOM ENABLED = TRUE OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' OAUTH_REDIRECT_URI = '<redirect URI from your MCP client>';
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('ENTRYLAYER_MCP_CLIENT');Use the exact redirect URI required by the MCP client. If the client has multiple callback URLs, configure Snowflake OAuth alternate redirect URIs in the security integration.
Store the returned oauth_client_id and client secret in your organization’s secret manager. Do not commit secrets to mcp.json, source control, tickets, or docs.
Cortex Code configuration
Section titled “Cortex Code configuration”First add the server as an HTTP MCP server:
cortex mcp add --transport http entrylayer \ https://<account_url>/api/v2/databases/<installed_app>/schemas/API/mcp-servers/ENTRYLAYER_MCPThen configure OAuth in ~/.snowflake/cortex/mcp.json:
{ "mcpServers": { "entrylayer": { "type": "http", "url": "https://<account_url>/api/v2/databases/<installed_app>/schemas/API/mcp-servers/ENTRYLAYER_MCP", "oauth": { "client_id": "<oauth_client_id>", "redirect_port": 8585, "scope": "session:role:all", "authorization_server_url": "https://<account_url>/oauth" } } }}If the client prompts for a client secret, use the secret returned by SYSTEM$SHOW_OAUTH_CLIENT_SECRETS. Cortex Code stores OAuth state in the OS keychain after a successful connection.
Start or authenticate the server:
cortex mcp startInside Cortex Code, use /mcp to inspect the server, authenticate, enable or disable it, and view the last connection error.
Suggested operating prompt
Section titled “Suggested operating prompt”After the MCP server is connected, paste this before asking Cortex to administer EntryLayer:
Use the configured EntryLayer MCP server named entrylayer.
First call the help and agent_manifest tools. Prefer read-only tools until you have checked the available commands, response envelope, and security guardrails.
For mutations, call exactly one tool at a time, explain the intended change first, and verify the returned status before continuing. If a tool returns status = error, surface code and message instead of guessing.
Never request source row samples, source data values, submission values, PII, PHI, secrets, credentials, provider-owned egress, external APIs, or new Snowflake privileges.Troubleshooting
Section titled “Troubleshooting”| Symptom | Likely cause | Fix |
|---|---|---|
Incompatible auth server: does not support dynamic client registration | The MCP client omitted client_id and tried dynamic registration. | Create a Snowflake OAuth security integration and configure the returned oauth_client_id. |
| Cortex asks for the endpoint | Cortex does not automatically discover app-created MCP servers from the installed app name. | Paste the HTTPS endpoint from this guide. |
protocol must be http:, https: or s3: | The client tried a snowflake:// URL. | Use the HTTPS /api/v2/databases/.../mcp-servers/... endpoint. |
| Server connects but tools do not appear | Client disabled the server, cached a failed auth state, or rejected tool names. | Run cortex mcp list, /mcp, and cortex mcp remove entrylayer before re-adding. |
Warehouse is N/A in Cortex | The Snowflake user has no default warehouse. | Set a default warehouse on the user or connection profile. |
| Tool call returns forbidden or permission errors | The Snowflake role lacks ENTRYLAYER_ADMIN, the user lacks project access, or caller-rights source grants are missing. | Grant the application role, verify project permissions, and validate source grants. |
| OAuth callback fails | Redirect URI mismatch or blocked local port. | Recreate the security integration with the exact redirect URI and confirm the redirect port is available. |
Security posture
Section titled “Security posture”The EntryLayer MCP server keeps the same zero-access posture as the SQL API:
- Tools call app-owned SQL API procedures and MCP adapter wrappers.
- Private helpers such as
_CALL_RPCand_SQL_API_RPCare not MCP tools. SYSTEM_EXECUTE_SQLis not exposed.ENTRYLAYER_USERdoes not receive MCP server usage.- No custom SPCS MCP endpoint is created.
- No provider-owned external access integration, network rule, or API key is required.
The MCP server is useful for clients that can complete Snowflake OAuth and invoke HTTP MCP tools. When that setup is too much friction, use the SQL API directly with Cortex SQL API Skill.
Snowflake references
Section titled “Snowflake references”- Snowflake-managed MCP server
- Use Cortex Agents and MCP servers in a Native App
- Cortex Code CLI MCP support
- SYSTEM$SHOW_OAUTH_CLIENT_SECRETS