Set up the Snowflake MCP server

Snowflake's managed MCP server lets AI agents query Snowflake data through Cortex AI services — Cortex Search for unstructured data, Cortex Analyst for natural-language SQL, and direct SQL execution against warehouses. This guide covers creating the MCP server object in Snowflake, configuring OAuth for MintMCP, and adding it as a remote MCP.

Prerequisites

A MintMCP admin account
A Snowflake account with ACCOUNTADMIN or SYSADMIN privileges
At least one Cortex AI resource already created — a Cortex Search service, a semantic view, or a warehouse for SQL execution

Create the MCP server in Snowflake

Run the following SQL to create an MCP server. Replace the placeholders with your database, schema, and resource identifiers:

CREATE OR REPLACE MCP SERVER my_mcp_server
  FROM SPECIFICATION $$
    tools:
      - name: "search-tool"
        type: "CORTEX_SEARCH_SERVICE_QUERY"
        identifier: "MY_DB.MY_SCHEMA.MY_SEARCH_SERVICE"
        description: "Search unstructured documents in Snowflake"
        title: "Document Search"
      - name: "analyst-tool"
        type: "CORTEX_ANALYST_MESSAGE"
        identifier: "MY_DB.MY_SCHEMA.MY_SEMANTIC_VIEW"
        description: "Natural language queries against revenue data"
        title: "Revenue Analyst"
      - name: "sql-tool"
        type: "SYSTEM_EXECUTE_SQL"
        description: "Execute SQL queries against Snowflake"
        title: "SQL Execution"
        config:
          read_only: false
          query_timeout: 600
          warehouse: "MY_WAREHOUSE"
  $$;

Include only the tool types you need — remove any blocks that don't apply.

Tool type reference:

Tool type	What it does	Required resource
`CORTEX_SEARCH_SERVICE_QUERY`	Searches unstructured data	Cortex Search service
`CORTEX_ANALYST_MESSAGE`	Converts natural language to SQL	Semantic view (not semantic model)
`SYSTEM_EXECUTE_SQL`	Executes SQL queries directly	Warehouse
`CORTEX_AGENT_RUN`	Routes messages to a Cortex Agent	Cortex Agent

Create an OAuth security integration

Run the following SQL to register MintMCP as an OAuth client in Snowflake:

CREATE OR REPLACE SECURITY INTEGRATION mintmcp_oauth
  TYPE = OAUTH
  OAUTH_CLIENT = CUSTOM
  ENABLED = TRUE
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  OAUTH_REDIRECT_URI = 'https://app.mintmcp.com/oauth/callback';

Run the following query to retrieve the client credentials:

SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('MINTMCP_OAUTH');

The result is a JSON object containing OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET. Copy both values — you'll need them when configuring MintMCP.

Grant access to the MCP server

Run the following SQL to grant your users' role access to the MCP server:

GRANT USAGE ON MCP SERVER MY_DB.MY_SCHEMA.my_mcp_server TO ROLE MY_ROLE;

Also grant access to the underlying Cortex resources so users can actually invoke the tools:

Resource type	Grant command
Cortex Search service	`GRANT USAGE ON CORTEX SEARCH SERVICE MY_DB.MY_SCHEMA.MY_SEARCH_SERVICE TO ROLE MY_ROLE;`
Semantic view	`GRANT SELECT ON VIEW MY_DB.MY_SCHEMA.MY_SEMANTIC_VIEW TO ROLE MY_ROLE;`
Warehouse	`GRANT USAGE ON WAREHOUSE MY_WAREHOUSE TO ROLE MY_ROLE;`

Get the server URL

Your MCP server URL follows this format:

https://<account_url>/api/v2/databases/<database>/schemas/<schema>/mcp-servers/<server_name>

To find your account URL, run:

SELECT CURRENT_ORGANIZATION_NAME() || '-' || CURRENT_ACCOUNT_NAME() || '.snowflakecomputing.com';

Substitute the output into the URL template. For example:

https://myorg-myaccount.snowflakecomputing.com/api/v2/databases/MY_DB/schemas/MY_SCHEMA/mcp-servers/my_mcp_server

Use hyphens in the account URL, not underscores — underscores cause connection failures.

Add Snowflake to MintMCP

In MintMCP, go to MCP store > Manage store.
Click + Add an MCP to your registry → Connect to an MCP by URL.
Enter the server URL from the previous step.
Set Connection type to Per-user credentials.
Set Authorization method to OAuth.
Open OAuth Client Advanced Settings and paste the Client ID (OAUTH_CLIENT_ID) and Client Secret (OAUTH_CLIENT_SECRET) from the SYSTEM$SHOW_OAUTH_CLIENT_SECRETS output.
Click Create.

Security considerations

Store the client secret securely — anyone with it can impersonate your MintMCP instance to Snowflake's OAuth endpoint.
Each user authenticates with their own Snowflake credentials, so tool calls execute with that user's RBAC permissions.
Granting USAGE on the MCP server does not automatically grant access to the underlying tools — grant USAGE or SELECT on each Cortex Search service, semantic view, or warehouse separately.
Snowflake recommends OAuth over Programmatic Access Tokens (PATs) to reduce the risk of credential leakage.

Next steps

Add a remote MCP server — General guide for connecting remote MCP servers to MintMCP
Tool customization — Control which Snowflake tools are visible to users

Prerequisites​

Create the MCP server in Snowflake​

Create an OAuth security integration​

Grant access to the MCP server​

Get the server URL​

Add Snowflake to MintMCP​

Security considerations​

Next steps​