Snowflake-managed MCP server¶
Overview¶
Note
Snowflake supports Model Context Protocol revision 2025-06-18.
Model Context Protocol (MCP), is an open-source standard that lets AI agents securely interact with business applications and external data systems, such as databases and content repositories. MCP lets enterprise businesses reduce integration challenges and quickly deliver outcomes from models. Since its launch, MCP has become foundational for agentic applications, providing a consistent and secure mechanism for invoking tools and retrieving data.
The Snowflake-managed MCP server lets AI agents securely retrieve data from Snowflake accounts without needing to deploy separate infrastructure. You can configure the MCP server to serve Cortex Analyst and Cortex Search as tools on the standards-based interface. MCP clients discover and invoke these tools, and retrieve data required for the application. With managed MCP servers on Snowflake, you can build scalable enterprise-grade applications while maintaining access and privacy controls. The MCP server on Snowflake provides:
Standardized integration: Unified interface for tool discovery and invocation, in compliance with the rapidly evolving standards.
Comprehensive authentication: Snowflake’s built-in OAuth service to enable OAuth-based authentication for MCP integrations.
Robust governance: Role based access control (RBAC) for the MCP server and tools to manage tool discovery and invocation.
For information about the MCP lifecycle, see Lifecycle. For an example of an MCP implementation, see the Getting Started with Managed Snowflake MCP Server Quickstart.
Create an MCP Server object¶
Create an object, specifying the tools and other metadata. MCP clients that connect with the server, after requisite authentication, are able to discover and invoke these tools.
Navigate to the desired database and schema to create the MCP server in.
Create the MCP server:
CREATE [OR REPLACE ] MCP SERVER [ IF NOT EXISTS] <server_name> FROM SPECIFICATION $$ tools: - name: "policy-search" type: "CORTEX_SEARCH_SERVICE_QUERY" identifier: "database1.schema1.Cortex_Search_Service1" description: "cortex search service for all products" title: "Product Search" - name: "revenue-semantic-view" type: "CORTEX_ANALYST_MESSAGE" identifier: "database1.schema1.Semantic_View_1" description: "Semantic view for all revenue tables" title: "Semantic view for revenue" $$
Snowflake currently supports the following tool types:
CORTEX_SEARCH_SERVICE_QUERY: Cortex Search Service tool
CORTEX_ANALYST_MESSAGE: Cortex Analyst tool
To show MCP servers, use the following commands:
SHOW MCP SERVERS IN DATABASE <database_name>; SHOW MCP SERVERS IN SCHEMA <schema_name>; SHOW MCP SERVERS IN ACCOUNT;
The following example shows the output of the command:
| created_on | name | database_name | schema_name | owner | comment | ------------------------------------------+-------------------+---------------+-------------+--------------+------------------------------ | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER_2 | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | Test MCP server with comment |
To describe an MCP server, use the following command:
DESCRIBE MCP SERVER <server_name>;
The following example shows the output of the command:
| name | database_name | schema_name | owner | comment | server_spec | created_on | ------------------------------------------------------------------------------------------------------+------------------------------------- | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | {"version":1,"tools":[{"name":"policy-search","identifier":"db.schema.search_service","type":"CORTEX_SEARCH_SERVICE_QUERY"}]} | Fri, 23 Jun 1967 07:00:00.123000 +0000 |
To drop an MCP server, use the following command:
DROP MCP SERVER <server_name>;
Access control¶
You can use the following privileges to manage access to the MCP object and the underlying tools
Privilege |
Object |
Description |
|---|---|---|
OWNERSHIP |
MCP Object |
Required to update the object configuration |
MODIFY |
MCP Object |
Provides update, drop, describe, show, and use ( |
USAGE |
MCP Object |
Required to connect with the MCP server and discover tools |
USAGE |
Cortex Search Service |
Required to invoke the Cortex Search tool in the MCP server |
USAGE |
Semantic View |
Required to invoke the Cortex Analyst tool in the MCP server |
Set up OAuth authentication¶
Configure authentication on the MCP client. The Snowflake-managed MCP server supports OAuth 2.0 aligned with the authorization recommendation in the MCP protocol. The Snowflake-managed MCP server doesn’t support dynamic client registration.
First, create the security integration. For information about this command, see CREATE SECURITY INTEGRATION (Snowflake OAuth).
CREATE [ OR REPLACE ] SECURITY INTEGRATION [IF NOT EXISTS] <integration_name> TYPE = OAUTH OAUTH_CLIENT = CUSTOM ENABLED = TRUE OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' OAUTH_REDIRECT_URI = '<redirect_URI>'
Then, call the system function to retrieve your client id and keys for client configuration. The integration name is case sensitive and must be in uppercase.
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('<integration_name>');
Note
When logging into Snowflake from your MCP client, you might see an Invalid consent request error message on the first attempt. To resolve this, find the scope query parameter with the following format in the authorization URL.
&scope=session%3Arole%3Aall
Change the scope from session%3Arole%3Aall to session%3Arole%3Arole name you want to authenticate and resubmit the URL.
Interact with the MCP server using a custom MCP client¶
If you are building a custom MCP client, the following sections demonstrate the Snowflake endpoints that your client interacts with.
Note
The Snowflake MCP server currently only supports tool capabilities.
Initialize the MCP server¶
After authenticating, initialize the server by issuing GET and POST calls to the following API endpoint:
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name} { "jsonrpc": "2.0", "id": 1, "method": "initialize" "params": {} }
The following example shows the response:
{ "jsonrpc": "2.0", // passthrough from req "id": 1, // passthrough from req "result": { "proto_version": "2025-06-18", "capabilities": { "tools": { "listChanged": false } }, "server_info": { "name": "<snowflake-mcp-name>", "title": "Snowflake Server: <snowflake-mcp-name>", "version": "1.0.0" } } }
Discover and invoke tools¶
The MCP clients can discover and invoke tools with tools/list and tools/call requests.
To discover tools, issue a POST call as shown in the tools/list request:
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/list",
"params": {}
}
The following example shows the response:
{
"jsonrpc": "2.0", // passthrough from req
"id": 1, // passthrough from req
"result": {
"tools": [ // search
{
"name":"policy-search",
"description":"Test search tool",
"inputSchema": {
"type": "object",
"description": "A search query and additional parameters for search.",
"properties": {
"query": {
"description": "Unstructured text query. Exactly one of 'query' or 'multi_index_query' must be specified.",
"type": "string"
},
"columns": {
"description": "List of columns to return.",
"type": "array",
"items": {
"type": "string"
}
},
"filter": {
"description": "Filter query.",
"type": "object"
},
"limit": {
"description": "Max number of results to return.",
"type": "integer",
"default": 10
}
}
},
"outputSchema": {
"type": "object",
"description": "Search results.",
"properties": {
"results": {
"description": "List of result rows.",
"type": "array",
"items": {
"type": "object",
"additionalProperties": true,
"description": "Map of column names to values (as bytes)."
}
},
"request_id": {
"description": "ID of the request.",
"type": "string"
}
},
"required": ["results", "request_id"]
}
},
{ // analyst
"name":"revenue-semantic-view",
"description":"Test tool",
"inputSchema": {
"type": "object",
"description": "A message and additional parameters for Cortex Analyst.",
"properties": {
"message": {
"description": "The user’s question.",
"type": "string"
}
}
}
}
]
}
}
To invoke a tool, issue a POST call as shown in the tools/call request.
For the Analyst tool, your client passes messages in the request. The SQL statement is listed as output. You must pass the name of the tool to invoke in the request as name.
POST /api/v2/databases/<database>/schemas/<schema>/mcp-servers/<name>
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "test-analyst",
"arguments": {
"message ": "text"
}
}
}
The following example shows the response:
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"content": [
{
"type": "text",
"text": "string"
}
]
}
}
For Search tool requests, your client can pass the query and the following optional arguments:
columns
filter
limit
The search results and request ID are listed as output. You must pass the name of the tool to invoke in the request as name.
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "policy-search",
"arguments": {
"query": "Hotels in NYC",
"columns": array of strings,
"filter": json,
"limit": int
}
}
}
The following example shows the response:
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"results": {}
}
}
Limitations¶
Snowflake managed MCP server does not support the following constructs in the MCP protocol: resources, prompts, roots, notifications, version negotiations, life cycle phases, and sampling.
Only non-streaming responses are supported.