MCP server
The USGM MCP server lets an AI coding agent (Claude Code, Cursor, VS Code, Windsurf, Cline, …) manage a mailbox for you: read and organize scanned mail, manage folders, request scans, manage shipping and deposit addresses and bank accounts, view shipment requests, and read the account profile and virtual mailing address.
It’s a thin, stateless HTTP wrapper around the public API gateway — every tool call is forwarded to the gateway with your API key, so the gateway enforces auth, rate limits, and audit exactly as it does for direct REST calls. Nothing new to trust.
Connecting
- Endpoint:
POST https://mcp.usglobalmail.com/mcp— a Streamable HTTP MCP server. - Auth: send your API key as a bearer token —
Authorization: Bearer usgmk_live_…(use ausgmk_test_…key against the sandbox). It’s the same key you use for direct REST calls.
Treat the key like a password — anything the agent can do, the key can do. Use a dedicated key per agent and rotate it if it leaks.
Example agent configs
Replace usgmk_live_… with your key (use a usgmk_test_… key against the sandbox).
For Claude Code you can also run:
Windsurf, Cline, and other MCP clients follow the same shape: a remote HTTP server with a url and an
Authorization header.
Tools
All list tools return { data, next_cursor }; pass next_cursor back as cursor to page.
Destructive tools are annotated (destructiveHint) so agents ask before shredding mail or deleting a
folder, address, or bank account. Read-only tools are annotated readOnlyHint.
Notes
- Stateless: no session affinity — any instance serves any request.
- Auth today is API-key passthrough. OAuth 2.1 (browser consent instead of a pasted key) and scoped keys are planned; until then, use a dedicated key per agent and rotate it if leaked.