Snowflake-managed MCP server¶
Overview¶
Model Context Protocol (MCP), is an open-source standard that lets AI agents securely interact with business applications and external data systems, such as databases and content repositories. MCP lets enterprise businesses reduce integration challenges and quickly deliver outcomes from models. Since its launch, MCP has become foundational for agentic applications, providing a consistent and secure mechanism for invoking tools and retrieving data.
The Snowflake-managed MCP server lets AI agents securely retrieve data from Snowflake accounts without needing to deploy separate infrastructure. You can configure the MCP server to serve Cortex Analyst and Cortex Search as tools on the standards-based interface. MCP clients discover and invoke these tools, and retrieve data required for the application. With managed MCP servers on Snowflake, you can build scalable enterprise-grade applications while maintaining access and privacy controls. The MCP server on Snowflake provides:
Standardized integration: Unified interface for tool discovery and invocation, in compliance with the rapidly evolving standards.
Comprehensive authentication: Snowflake’s built-in OAuth service to enable OAuth-based authentication for MCP integrations.
Robust governance: Role based access control (RBAC) for the MCP server and tools to manage tool discovery and invocation.
Create an MCP Server object¶
Create an object, specifying the tools and other metadata. MCP clients that connect with the server, after requisite authentication, are able to discover and invoke these tools.
Navigate to the desired database and schema to create the MCP server in.
Create the MCP server:
CREATE [OR REPLACE ] MCP SERVER [ IF NOT EXISTS] <server_name> FROM SPECIFICATION $$ tools: - name: "policy-search", type*"": "Cortex_Search_Service_Query" identifier": "database1.schema1.Cortex_Search_Service1", description": "cortex search service for all products" "title": "Product Search" - name: "revenue-semantic-view", type: "Cortex_Search_Analyst_Message" identifier: "database1.schema1.Semantic_View_1", description: "Semantic view for all revenue tables" title: "Semantic view for revenue" config: warehouse: "finance_warehouse" $$You can use the following commands to show, describe, and drop the MCP server.
DESCRIBE MCP SERVER <server_name>; Output: | name | database_name | schema_name | owner | comment | server_spec | created_on | ------------------------------------------------------------------------------------------------------+------------------------------------- | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | {"version":1,"tools":[{"name":"basic_search","identifier":"db.schema.search_service","type":"CORTEX_SEARCH_SERVICE_QUERY"}]} | Fri, 23 Jun 1967 07:00:00.123000 +0000 | SHOW MCP SERVERS IN DATABASE <database_name>; SHOW MCP SERVERS IN SCHEMA <schema_name>; SHOW MCP SERVERS IN ACCOUNT; Output: | created_on | name | database_name | schema_name | owner | comment | ------------------------------------------+-------------------+---------------+-------------+--------------+------------------------------ | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER_2 | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | Test MCP server with comment | DROP MCP SERVER <server_name>;
Access control¶
You can use the following privileges to manage access to the MCP object and the underlying tools
Privilege |
Object |
Description |
|---|---|---|
OWNERSHIP |
MCP Object |
Required to update the object configuration |
MODIFY |
MCP Object |
Provides update, drop, describe, show, and use ( |
USAGE |
MCP Object |
Required to connect with the MCP server and discover tools |
USAGE |
Cortex Search Service |
Required to invoke the Cortex Search tool in the MCP server |
USAGE |
Semantic View |
Required to invoke the Cortex Analyst tool in the MCP server |
Setup Authentication¶
Configure authentication on the MCP client. The Snowflake-managed MCP server supports OAuth 2.0 aligned with the authorization recommendation in the MCP protocol.
First, create the security integration:
CREATE [ OR REPLACE ] SECURITY INTEGRATION [IF NOT EXISTS] <integration_name> TYPE = OAUTH OAUTH_CLIENT = CUSTOM OAUTH_REDIRECT_URI = '<redirect_URI>'
Then, call the client secrets with the integration name:
CALL SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('<integration_name>');
Initialize the MCP server¶
After authenticating, initialize the server by issuing GET and POST calls to the following API endpoint:
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name} { "jsonrpc": "2.0", "id": 1, "method": "initialize" "params": {} } Output: { "jsonrpc": "2.0", // passthrough from req "id": 1, // passthrough from req "result": { "proto_version": "2025-06-18", "capabilities": { "tools": { "listChanged": false } }, "server_info": { "name": "<snowflake-mcp-name>", "title": "Snowflake Server: <snowflake-mcp-name>", "version": "1.0.0" } } }
Discover and invoke tools¶
The MCP clients can discover and invoke tools with tools/list and tools/call requests.
To discover tools, issue a POST call as shown in the tools/list request:
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/list",
"params": {}
}
Output:
{
"jsonrpc": "2.0", // passthrough from req
"id": 1, // passthrough from req
"result": {
"tools": [ // search
{
"name":"test-search",
"description":"Test search tool",
"inputSchema": {
"type": "object",
"description": "A search query and additional parameters for search.",
"properties": {
"query": {
"description": "Unstructured text query. Exactly one of 'query' or 'multi_index_query' must be specified.",
"type": "string"
},
"columns": {
"description": "List of columns to return.",
"type": "array",
"items": {
"type": "string"
}
},
"filter": {
"description": "Filter query.",
"type": "object"
},
"limit": {
"description": "Max number of results to return.",
"type": "integer",
"default": 10
}
}
},
"outputSchema": {
"type": "object",
"description": "Search results.",
"properties": {
"results": {
"description": "List of result rows.",
"type": "array",
"items": {
"type": "object",
"additionalProperties": true,
"description": "Map of column names to values (as bytes)."
}
},
"request_id": {
"description": "ID of the request.",
"type": "string"
}
},
"required": ["results", "request_id"]
}
},
{ // analyst
"name":"test",
"description":"Test tool",
"inputSchema": {
"type": "object",
"description": "A message and additional parameters for Cortex Analyst.",
"properties": {
"message": {
"description": "The user’s question.",
"type": "string"
}
}
}
}
]
}
}
To invoke a tool, issue a POST call as shown in the tools/call request.
For the Analyst tool, you pass messages in the request. The SQL statement is listed as output.
POST /api/v2/databases/<database>/schemas/<schema>/mcp-servers/<name>
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call"
"params": {
"name": "test-analyst",
"arguments": {
"Messages": "array"
}
}
}
Output:
{
jsonrpc": "2.0",
"id": 1,
"result": {
"content": [
{
"type": "text",
"text": "string"
}
]
}
}
For the Search tool, you can pass query, columns, filter, and limit in the request. The search results and request ID are listed as output.
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call"
"params": {
"name": "test-search",
"arguments": {
"query": "Hotels in NYC",
"columns": array of strings,
"filter": json,
"limit": int
}
}
}
Output:
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"results": {}
}
}
Limitations¶
Snowflake managed MCP server does not support the following constructs in the MCP protocol: resources, prompts, roots, notifications, version negotiations, life cycle phases, and sampling.
Only non-streaming responses are supported.