Skip to main content

Set up the Databricks MCP server

Databricks includes managed MCP servers built directly into the platform — no deployment or custom infrastructure required. Each workspace exposes multiple MCP endpoints for Unity Catalog functions, Genie spaces, SQL, and vector search. This guide covers finding your server URLs, creating credentials, and connecting them to MintMCP.

Prerequisites

  • A MintMCP admin account
  • A Databricks workspace with the Managed MCP Servers preview enabled
  • A Databricks personal access token (for PAT auth) or an OAuth app registered in your Databricks account (for OAuth auth)

Find your MCP server URLs

In your Databricks workspace, go to Agents > MCP Servers. This page lists the managed MCP server URLs available in your workspace.

The URL format for each server type is:

Server typeURL
Unity Catalog functionshttps://<workspace-hostname>/api/2.0/mcp/functions/{catalog}/{schema}
System AI (Python interpreter)https://<workspace-hostname>/api/2.0/mcp/functions/system/ai
Genie spacehttps://<workspace-hostname>/api/2.0/mcp/genie/{genie_space_id}
Databricks SQLhttps://<workspace-hostname>/api/2.0/mcp/sql
Vector searchhttps://<workspace-hostname>/api/2.0/mcp/vector-search/{catalog}/{schema}/{index_name}

Replace {catalog} and {schema} with the Unity Catalog path you want to expose, and {genie_space_id} or {index_name} as appropriate.

Create credentials

Option A: Personal access token

A PAT is the simplest approach and works well for a shared service account that the whole team uses.

  1. In your Databricks workspace, click your username in the top bar and select Settings.
  2. Click Developer.
  3. Next to Access tokens, click Manage.
  4. Click Generate new token.
  5. Enter a description (e.g., MintMCP gateway) and set a token lifetime.
  6. Click Generate and copy the token — it is shown only once.

OAuth provides scoped permissions and automatic token refresh, which is better suited for long-running production access.

An account admin must register an OAuth app in the Databricks account console:

  1. Go to the Databricks account console → SettingsApp Connections.
  2. Click Add connection.
  3. Configure the app:
    • Name: a descriptive identifier (e.g., mintmcp-databricks)
    • Client type: Confidential (with secret) for server-to-server use
    • Scopes: all-apis for full access, or narrower scopes (genie, unity-catalog) for least privilege
  4. Save and copy the Client ID and Client Secret.

Add Databricks to MintMCP

Databricks managed MCP servers use Streamable HTTP transport, so they connect to MintMCP as a remote URL.

With a PAT (shared credentials):

  1. In MintMCP, go to MCP store > Manage store.
  2. Click + Add an MCP to your registryConnect to an MCP by URL.
  3. Paste the MCP server URL (e.g., https://<workspace-hostname>/api/2.0/mcp/functions/main/default).
  4. Set Connection type to Shared credentials.
  5. Set Authorization method to Bearer token.
  6. Paste your personal access token.
  7. Click Create.

With OAuth (per-user credentials):

  1. In MintMCP, go to MCP store > Manage store.
  2. Click + Add an MCP to your registryConnect to an MCP by URL.
  3. Paste the MCP server URL.
  4. Set Connection type to Per-user credentials.
  5. Set Authorization method to OAuth.
  6. Enter the Client ID and Client Secret from the OAuth app you registered.
  7. Click Create.

With per-user credentials, each team member authenticates with their own Databricks identity, so Unity Catalog permissions apply per user.

Expose multiple server types

You can add each Databricks MCP server type as a separate entry in MintMCP. For example, to give agents both Unity Catalog function access and a Python interpreter, add two remote MCP entries:

  • https://<workspace-hostname>/api/2.0/mcp/functions/main/default
  • https://<workspace-hostname>/api/2.0/mcp/functions/system/ai

Security considerations

  • Unity Catalog permissions apply: for UC function endpoints, agents can only call functions the authenticated identity has EXECUTE permission on.
  • Genie spaces are read-only: the Genie MCP endpoint does not support writes.
  • Databricks SQL supports writes: consider whether your agents need write access before adding the SQL endpoint.
  • IP allowlists: if your workspace enforces IP restrictions, add MintMCP's outbound IPs to the workspace allowlist so connections are not blocked.
  • PAT scope: a PAT grants access to everything the token owner can access — prefer OAuth with narrow scopes for production environments.
  • Public preview: the Managed MCP Servers feature is in public preview and does not carry production SLAs.