>_

SpendSignoff documentation

The always-on operator for your ad accounts. Read and draft from your AI client — approve before anything goes live.

Reference

The MCP server

SpendSignoff is a Model Context Protocol server. Your AI client connects to one URL over OAuth 2.1, then calls SpendSignoff tools to read and draft against your ad accounts. The token it holds carries two scopes — and never a third one that would let it spend.

What MCP is

The Model Context Protocol is an open standard for connecting AI clients to external tools and data. A client such as Claude, ChatGPT, or Cursor speaks MCP to a server; the server advertises a set of named tools with typed inputs, and the client calls them on the user's behalf. It is the same contract every MCP server implements — SpendSignoff is one server behind that contract, scoped to ad accounts.

MCP defines the wire and the tool shape. It does not define what a given tool is allowed to do — that is the server's job. SpendSignoff uses that boundary deliberately: the protocol carries reads and drafts, and stops there.

The SpendSignoff server

One URL, one transport, one auth flow.

  • URL https://mcp.spendsignoff.com/mcp. The same endpoint for every AI client; there is no per-client host.
  • Transport — Streamable HTTP. No local process, no stdio bridge to install.
  • Auth — OAuth 2.1. The client runs the flow on first connect and is issued a token scoped to mcp.read and mcp.draft.

The scope model

Two scopes the model gets, and one it can never hold.

mcp.readGranted

Read accounts, campaigns, budgets, bids, and performance. Ungated on every plan, including Free.

mcp.draftGranted

Stage a before → after diff via propose_change. Returns a draft in pending status — it does not touch the live account.

mcp.approveNever minted

This scope does not exist. The token your AI holds cannot approve or apply a change. That authority lives only in the SpendSignoff app, behind a human.

client config

{
  "mcpServers": {
    "spendsignoff": {
      "type": "http",
      "url": "https://mcp.spendsignoff.com/mcp"
    }
  }
}
// On first call the client runs the OAuth 2.1 flow and is granted
// mcp.read + mcp.draft. No mcp.approve scope is ever returned.

The scope that does not exist is the guarantee

There is no mcp.approve scope anywhere in the API, so no token your AI holds can carry it. Approval is a human action in the SpendSignoff app, run through the two-step Approve & push live → Confirm control. The protocol cannot route around it because the capability was never minted.

Tool and API reference

Exact tool names, params, and endpoints.

  • MCP tools — the read tools and the propose_change draft surface, with example calls.
  • REST API — the /v1 namespaces the dashboard and webhooks run on, including where approval is enforced server-side.
Your AI can read and draft — it can never spend without your approval.

Next

Concepts

Drafts, the approval queue, the autonomy loop, the 24h envelope, and rollback.

    The MCP server — SpendSignoff Docs