Before you begin
Before you begin
Before troubleshooting, confirm:
- Your MCP client is configured with
https://api.checklyhq.com/mcp. - You chose an authentication method supported by your client.
- You restarted your MCP client after editing its configuration.
- Your Checkly user or service API key can access the account you want to use.
Authentication
OAuth sign-in fails
If your client reports that authentication is required or the browser sign-in does not complete:- Confirm the client is in the supported OAuth clients list.
- Confirm the endpoint is exactly
https://api.checklyhq.com/mcp. - Re-run your client’s MCP login or authentication flow.
- Remove stale Checkly MCP credentials from the client if it keeps reusing an old token.
- Reconnect and call
whoami.
OAuth client registration fails
The Checkly MCP Server only supports Checkly-approved OAuth clients. Checkly does not support Dynamic Client Registration (DCR). If your client reports a dynamic registration error, a failed client registration, or never opens the expected OAuth flow, confirm that the client is in the supported OAuth clients list. A client can support remote MCP servers and still be incompatible with the Checkly OAuth flow. If your client can send custom headers, use API-key authentication as a fallback.An API key is rejected
If your client reports a missing or invalid bearer token:- Confirm the header is exactly
Authorization: Bearer <checkly-api-key>. - Use a current
cu_...user API key orsv_...service API key. Deprecated account API keys and oldsk_...service-key formats are rejected. - Confirm the key has not been revoked.
- Confirm the client sends the header with remote MCP requests.
- Reconnect and call
whoami.
Tools and permissions
No tools are listed
Visible tools depend on the permissions granted to the MCP session. If no tools appear:- Use your MCP client’s refresh tools option.
- Restart the client if the tools list still does not update.
- Reconnect with OAuth, or confirm your API-key header is still configured.
whoami or ask Checkly which accounts you can access to verify the connection.
A specific tool is missing
Each tool requires an MCP session permission. For example:- Check status and results require permission to list checks, their status, and results.
- Test sessions require permission to read your Checkly test sessions.
- Asset tools require permission to read Checkly assets plus the related result permission.
- Incident write tools require permission to create and update your Checkly incidents.
invite-account-member tool is not available with API-key authentication. Reconnect with OAuth if you need to invite account members through MCP.
If the tool you expected is not part of the current MCP Server, share feedback or requests so we can understand the workflow your agent was trying to complete.
A tool call is denied
Tool visibility and Checkly account access are separate checks. A tool can be visible but reject a call when the selected account does not include the required feature or the authenticated user or service API key has an insufficient role. Confirm the target account and the role returned bywhoami. User API keys inherit the user’s role. Service API keys use the account and role selected when the key was created. See Security and permissions for the access required by write and run actions.
Account selection
A tool asks for an account
OAuth sessions and user API keys can access multiple Checkly accounts. Ask your client:Prompt
X-Checkly-Account header in your MCP server configuration. See Select an account.
Service API keys are already scoped to one account. If a service-key session reports that it cannot access the account in X-Checkly-Account, remove the header or set it to the account configured on the key.
Local check authoring
The MCP server cannot create or deploy check code
The MCP server runs remotely and cannot access your local project files. It cannot author, bundle, test, or deploy check code. Ask for a CLI handoff instead:Prompt
Write actions
A write tool did more than expected
Some write tools are not idempotent. Retrying a call can create another invite, another incident, or another incident update. If a write tool changed more than you expected, contact Checkly Support. Include the MCP client, the Checkly account, the tool name, and the approximate time of the action. Before approving write tool calls, check:- The target account ID.
- The target status page or check ID.
- Whether subscribers will be notified.
- Whether the action consumes check-run or RCA quota.
Browser-based clients
A browser client or web IDE cannot connect
Some browser-based clients require CORS support and may handle OAuth differently from command-line clients. If a browser-based client cannot connect:- If you use OAuth, confirm the client is in the supported OAuth clients list.
- If you use an API key, confirm the client sends custom headers with remote MCP requests.
- Try another supported client, such as Claude Code.