Skip to content
EntryLayer Operational data entry for Snowflake

Snowflake MCP Client Setup

EntryLayer publishes a Snowflake-managed MCP server named API.ENTRYLAYER_MCP from the installed Native App. The server exposes a curated set of tools that delegate to the same admin-only SQL API used by HELP(), AGENT_MANIFEST(), and the documented API.* procedures.

There is no custom EntryLayer MCP runtime, no provider-owned egress, no external access integration, and no network rule. Snowflake hosts the MCP transport and invokes app-owned SQL procedures.

Use this guide when:

  • an admin wants Cortex Code or another MCP-compatible client to call EntryLayer tools
  • you need the endpoint URL for an installed app
  • OAuth setup failed with a dynamic client registration error
  • Cortex found the SQL API but did not load MCP tools

For most customer workflows, start with Cortex SQL API Skill instead. It works directly in Snowsight and Cortex through SQL calls and does not require MCP client configuration.

Before configuring an MCP client, confirm:

  • the installed app has created API.ENTRYLAYER_MCP
  • your Snowflake role has the installed app’s ENTRYLAYER_ADMIN application role
  • your Snowflake user has a default role and default warehouse
  • the MCP client supports HTTP MCP transport
  • the MCP client can use a pre-registered OAuth client

Snowflake-managed MCP servers use OAuth 2.0 and do not support dynamic client registration. If your client omits client_id, it may try dynamic registration and fail before EntryLayer tools load.

Run these checks from a Snowflake role that can inspect the installed app:

SHOW MCP SERVERS IN SCHEMA ENTRYLAYER.API;
DESCRIBE MCP SERVER ENTRYLAYER.API.ENTRYLAYER_MCP;
SHOW GRANTS ON MCP SERVER ENTRYLAYER.API.ENTRYLAYER_MCP;

Replace ENTRYLAYER with the installed app name if it is different.

Expected posture:

  • ENTRYLAYER_MCP exists in the installed app’s API schema.
  • USAGE is granted to the ENTRYLAYER_ADMIN application role.
  • There is no grant to ENTRYLAYER_USER.

Use this HTTP endpoint:

https://<account_url>/api/v2/databases/<installed_app>/schemas/API/mcp-servers/ENTRYLAYER_MCP

For example, if the installed app is ENTRYLAYER:

https://<account_identifier>.snowflakecomputing.com/api/v2/databases/ENTRYLAYER/schemas/API/mcp-servers/ENTRYLAYER_MCP

Use the account URL shown by Snowsight or your Snowflake connection profile. Do not use a snowflake:// URL.

An account admin must create a Snowflake OAuth security integration for the MCP client.

USE ROLE ACCOUNTADMIN;
CREATE OR REPLACE SECURITY INTEGRATION ENTRYLAYER_MCP_CLIENT
TYPE = OAUTH
OAUTH_CLIENT = CUSTOM
ENABLED = TRUE
OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
OAUTH_REDIRECT_URI = '<redirect URI from your MCP client>';
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('ENTRYLAYER_MCP_CLIENT');

Use the exact redirect URI required by the MCP client. If the client has multiple callback URLs, configure Snowflake OAuth alternate redirect URIs in the security integration.

Store the returned oauth_client_id and client secret in your organization’s secret manager. Do not commit secrets to mcp.json, source control, tickets, or docs.

First add the server as an HTTP MCP server:

Terminal window
cortex mcp add --transport http entrylayer \
https://<account_url>/api/v2/databases/<installed_app>/schemas/API/mcp-servers/ENTRYLAYER_MCP

Then configure OAuth in ~/.snowflake/cortex/mcp.json:

{
"mcpServers": {
"entrylayer": {
"type": "http",
"url": "https://<account_url>/api/v2/databases/<installed_app>/schemas/API/mcp-servers/ENTRYLAYER_MCP",
"oauth": {
"client_id": "<oauth_client_id>",
"redirect_port": 8585,
"scope": "session:role:all",
"authorization_server_url": "https://<account_url>/oauth"
}
}
}
}

If the client prompts for a client secret, use the secret returned by SYSTEM$SHOW_OAUTH_CLIENT_SECRETS. Cortex Code stores OAuth state in the OS keychain after a successful connection.

Start or authenticate the server:

Terminal window
cortex mcp start

Inside Cortex Code, use /mcp to inspect the server, authenticate, enable or disable it, and view the last connection error.

After the MCP server is connected, paste this before asking Cortex to administer EntryLayer:

Use the configured EntryLayer MCP server named entrylayer.
First call the help and agent_manifest tools. Prefer read-only tools until you have checked the available commands, response envelope, and security guardrails.
For mutations, call exactly one tool at a time, explain the intended change first, and verify the returned status before continuing. If a tool returns status = error, surface code and message instead of guessing.
Never request source row samples, source data values, submission values, PII, PHI, secrets, credentials, provider-owned egress, external APIs, or new Snowflake privileges.
SymptomLikely causeFix
Incompatible auth server: does not support dynamic client registrationThe MCP client omitted client_id and tried dynamic registration.Create a Snowflake OAuth security integration and configure the returned oauth_client_id.
Cortex asks for the endpointCortex does not automatically discover app-created MCP servers from the installed app name.Paste the HTTPS endpoint from this guide.
protocol must be http:, https: or s3:The client tried a snowflake:// URL.Use the HTTPS /api/v2/databases/.../mcp-servers/... endpoint.
Server connects but tools do not appearClient disabled the server, cached a failed auth state, or rejected tool names.Run cortex mcp list, /mcp, and cortex mcp remove entrylayer before re-adding.
Warehouse is N/A in CortexThe Snowflake user has no default warehouse.Set a default warehouse on the user or connection profile.
Tool call returns forbidden or permission errorsThe Snowflake role lacks ENTRYLAYER_ADMIN, the user lacks project access, or caller-rights source grants are missing.Grant the application role, verify project permissions, and validate source grants.
OAuth callback failsRedirect URI mismatch or blocked local port.Recreate the security integration with the exact redirect URI and confirm the redirect port is available.

The EntryLayer MCP server keeps the same zero-access posture as the SQL API:

  • Tools call app-owned SQL API procedures and MCP adapter wrappers.
  • Private helpers such as _CALL_RPC and _SQL_API_RPC are not MCP tools.
  • SYSTEM_EXECUTE_SQL is not exposed.
  • ENTRYLAYER_USER does not receive MCP server usage.
  • No custom SPCS MCP endpoint is created.
  • No provider-owned external access integration, network rule, or API key is required.

The MCP server is useful for clients that can complete Snowflake OAuth and invoke HTTP MCP tools. When that setup is too much friction, use the SQL API directly with Cortex SQL API Skill.