openworkid.org / mcp
MCP Server
upstand.work exposes a Model Context Protocol server. AI agents can read public profiles without auth, and perform write operations with user-delegated tokens. This page covers both paths: configuring a personal agent and building integrations.
—Quickstart
01
Add the server to your agent config
Server URL:
https://mcp.upstand.work/sse — public read tools work immediately with no token.02
Generate a user token for write access
Go to
upstand.work/settings/tokens → Generate MCP token. Valid 90 days, revocable anytime.03
Pass the token as a header
Your agent sends
Authorization: Bearer <token> on authenticated calls. No header needed for public tools.Auth header formats
// User Auth — personal token Authorization: Bearer oiw_usr_xxxxxxxxxxxxxxxxxxxxxxxx // Client Auth — API key (M3) Authorization: Bearer oiw_api_xxxxxxxxxxxxxxxxxxxxxxxx // Public — no header needed
—Auth Levels
Three distinct levels. Each call runs at exactly one level — they do not stack.
Public
No token required
Any agent reads public profiles and verifications. No registration.
get_profileget_verifications
User Auth
Magic-Link token
Pro delegates access to their own agent. Read + write on own profile only.
get_suggestionsget_market_benchmarkadd_experiencerequest_verification
Client Auth
API key (M3)
Businesses with an API key. Read-only on opt-in profiles only.
search_profiles
—Tool Reference
Milestone 1 — Available now
get_profile(username)
PublicM1
Returns a complete ProfessionalIdentity document. Includes experience records, verification references, extensions, and human proof status. Withdrawn verifications are excluded.
Parameters
| Name | Type | Req |
|---|---|---|
| username | string | required |
| include_extensions | boolean | optional |
| format | "full"|"summary" | optional |
Returns
| Field | Type |
|---|---|
| identity | ProfessionalIdentity |
| verification_count | integer |
| last_updated | ISO 8601 |
Example response (summary)
{
"identity": {
"id": "upstand.work/thomas-weber",
"name": "Thomas Weber",
"summary": "Senior Finance Controller, 20 years automotive...",
"humanProof": { "verified": true, "peerVerificationCount": 3 },
"availableForWork": true
},
"verification_count": 3,
"last_updated": "2026-04-10T14:00:00Z"
}get_verifications(username)
PublicM1
Returns all active peer verifications. Withdrawn verifications are excluded. Mutual verifications appear with mutualFlag: true. Verifier email addresses are never returned — only the email domain.
Parameters
| Name | Type | Req |
|---|---|---|
| username | string | required |
| experience_id | string | optional |
| include_one_click | boolean | optional |
Returns
| Field | Type |
|---|---|
| verifications | PeerVerification[] |
| total | integer |
| mutual_count | integer |
get_suggestions()
User AuthM1
AI-generated analysis of what is missing or weak in the authenticated user's profile. Returns missing extension fields, experiences with no verifications, and suggested verifiers.
Parameters
| Name | Type | Req |
|---|---|---|
| No parameters. Operates on the authenticated user's own profile. | ||
Returns
| Field | Type |
|---|---|
| profile_strength | "weak"|"moderate"|"strong" |
| missing_fields | string[] |
| unverified_experiences | string[] |
| suggested_verifiers | object[] |
Example response
{
"profile_strength": "moderate",
"missing_fields": ["extensions.finance-controller.rateRange", "summary"],
"unverified_experiences": ["upstand.work/thomas-weber/exp/002"],
"suggested_verifiers": [{
"experience_id": "exp/002",
"suggestion": "Someone from your BMW Group period has not yet verified this experience."
}]
}Milestone 2 — In development
get_market_benchmark(category, region?)
User AuthM2
Anonymised rate benchmarks for a given profession category. Data comes from verified profiles that have opted in.
Parameters
| Name | Type | Req |
|---|---|---|
| category | string | required |
| region | string | optional |
| seniority | string | optional |
| unit | "hour"|"day" | optional |
Returns
| Field | Type |
|---|---|
| p25 / p50 / p75 | number |
| currency | string |
| sample_size | integer |
| data_source | "internal"|"seed"|"hybrid" |
add_experience(experience)
User AuthM2
Creates a draft ExperienceRecord. The draft is returned for user review and must be confirmed before going live. AI writes the draft — the human confirms it.
ℹReturns a draft, not a live record. The user must confirm via
confirm_experience(draft_id) before it becomes public.Parameters
| Name | Type | Req |
|---|---|---|
| experience | ExperienceRecord | required |
Returns
| Field | Type |
|---|---|
| draft_id | string |
| draft | ExperienceRecord |
| confirm_url | URL |
| status | "draft" |
request_verification(experience_id, verifier)
User AuthM2
Sends a verification request email to a named verifier for a specific experience. Rate-limited to 10 per week.
→Human-in-the-loop is required. Do not automate this call. The user must confirm who to contact and what context to include.
Parameters
| Name | Type | Req |
|---|---|---|
| experience_id | string | required |
| verifier_email | string | required |
| verifier_name | string | required |
| context_message | string | required |
Returns
| Field | Type |
|---|---|
| request_id | string |
| sent_at | ISO 8601 |
| weekly_remaining | integer |
Milestone 3 — Planned
search_profiles(criteria)
Client AuthM3
Searches verified profiles matching criteria. Only returns profiles with availableForWork: true and API discovery enabled. Returns profile data only — no contact details.
Parameters
| Name | Type | Req |
|---|---|---|
| extension_id | string | required |
| fields | object | optional |
| min_verifications | integer | optional |
| region | string | optional |
| limit | integer | optional |
Returns
| Field | Type |
|---|---|
| profiles | ProfessionalIdentity[] |
| total | integer |
| api_credits_used | integer |
—Integration Examples
claude_desktop_config.json
{
"mcpServers": {
"upstand-work": {
"url": "https://mcp.upstand.work/sse",
"headers": {
// remove for read-only access
"Authorization": "Bearer oiw_usr_your_token_here"
}
}
}
}Example conversation with Claude
You: "What's missing from my upstand.work profile?" Claude: [calls get_suggestions()] "Your Continental experience has no verifications yet. Would you like me to draft a request to Maria Hoffmann?" You: "Yes — she was my CFO there." Claude: [calls request_verification(experience_id, verifier, context)] "Request sent. She'll receive an email she can respond to in 60 seconds — no account needed."
OpenAI Agents SDK — Python
from agents import Agent, MCPServerSse from agents.mcp import MCPServerSseParams server = MCPServerSse( params=MCPServerSseParams( url="https://mcp.upstand.work/sse", headers={ "Authorization": f"Bearer {TOKEN}" } ), cache_tools_list=True ) agent = Agent( name="Profile Manager", instructions="Help the user manage their upstand.work profile.", mcp_servers=[server] ) result = await Runner.run(agent, "What verifications am I missing?")
REST API — mirrors MCP tools exactly
# Get profile (public) GET https://api.upstand.work/v1/profiles/{username} # Get verifications (public) GET https://api.upstand.work/v1/profiles/{username}/verifications # Get suggestions (user auth) GET https://api.upstand.work/v1/me/suggestions Authorization: Bearer oiw_usr_your_token_here # Request verification (user auth) POST https://api.upstand.work/v1/me/verifications/request Authorization: Bearer oiw_usr_your_token_here Content-Type: application/json { "experience_id": "exp/001", "verifier_email": "maria@continental.com", "verifier_name": "Maria Hoffmann", "context_message": "We worked together on the reporting project in 2021." }
—Rate Limits
| Auth Level | Scope | Limit | Window |
|---|---|---|---|
| Public | get_profile, get_verifications | 60 req | per minute / IP |
| User Auth | All read tools | 300 req | per hour / token |
| User Auth | request_verification | 10 req | per week / user |
| User Auth | add_experience (drafts) | 20 req | per day / user |
| Client Auth | search_profiles | Quota-based | per API plan |
Every response includes X-RateLimit-Remaining and X-RateLimit-Reset headers.
—Error Codes
400invalid_paramsRequired parameter missing or malformed.
401unauthorizedToken missing or expired. Generate a new one at
upstand.work/settings/tokens.403forbiddenToken exists but does not have permission for this tool’s auth level.
404not_foundProfile does not exist, is inactive, or has been deleted.
409verification_existsA pending request to this verifier for this experience already exists.
422profile_not_publicProfile exists but is unlisted or inactive. Public tools cannot access it.
429rate_limitedRate limit exceeded. Check
X-RateLimit-Reset for when the window resets.500server_errorServer-side error. Exponential backoff retries are safe for all read tools.
503unavailableTool not yet available in the current milestone.