Salesforce Platform Tooling MCP server
An AI agent connected to Salesforce Platform Tooling can manage development artifacts—creating and updating Apex classes, Lightning Web Components, and metadata; executing anonymous Apex code; retrieving debug logs; and automating deployments. Developers, platform engineers, and release managers use this integration to streamline CI/CD pipelines and reduce manual code management.
Setting up an MCP server
This article covers the standard steps for creating an MCP server in AI Gateway and connecting it to an AI client. The steps are the same for every integration — application-specific details (API credentials, OAuth endpoints, and scopes) are covered in the individual application pages.
Before you begin
You'll need:
- Access to AI Gateway with permission to create MCP servers
- API credentials for the application you're connecting (see the relevant application page for what to collect)
Create an MCP server
Find the API in the catalog
- Sign in to AI Gateway and select MCP Servers from the left navigation.
- Select New MCP Server.
- Search for the application you want to connect, then select it from the catalog.
Configure the server
- Enter a Name for your server — something descriptive that identifies both the application and its purpose (for example, "Zendesk Support — Prod").
- Enter a Description so your team knows what the server is for.
- Set the Timeout value. 30 seconds works for most APIs; increase to 60 seconds for APIs that return large payloads.
- Toggle Production mode on if this server will be used in a live workflow.
- Select Next.
Configure authentication
Enter the authentication details for the application. This varies by service — see the Authentication section of the relevant application page for the specific credentials, OAuth URLs, and scopes to use.
Configure security
- Set any Rate limits appropriate for your use case and the API's own limits.
- Enable Logging if you want AI Gateway to record requests and responses for auditing.
- Select Next.
Deploy
Review the summary, then select Deploy. AI Gateway provisions the server and provides a server URL you'll use when configuring your AI client.
Connect to an AI client
Once your server is deployed, you'll need to add it to the AI client your team uses. Select your client for setup instructions:
Tips
- You can create multiple MCP servers for the same application — for example, a read-only server for reporting agents and a read-write server for automation workflows.
- If you're unsure which OAuth scopes to request, start with the minimum read-only set and add write scopes only when needed. Most application pages include scope recommendations.
- You can edit a server's name, description, timeout, and security settings after deployment without redeploying.
Authentication
Salesforce Tooling API uses OAuth 2.0 through a Connected App for API access. The authorization endpoint is https://login.salesforce.com/services/oauth2/authorize (or https://test.salesforce.com for sandboxes), and tokens are exchanged at https://login.salesforce.com/services/oauth2/token. Your Connected App provides Client ID and Client Secret. Essential scopes include api (Tooling API access), refresh_token (persistent authentication), and full (required for deployment operations). The custom_permissions and visualforce scopes are optional for package development or legacy UI operations.
Available tools
The MCP server provides Apex development, metadata management, debug logging, and deployment capabilities for development workflow automation.
Code & component management
| Tool | Description |
|---|---|
| createApexClass | Create new Apex class with source code |
| updateApexClass | Update Apex class body and metadata |
| getApexClass | Retrieve Apex class definition and test coverage |
| createTrigger | Create database trigger with event and logic |
| updateTrigger | Modify trigger code and target object |
| createLwcComponent | Create Lightning Web Component with HTML, CSS, JS |
| updateLwcComponent | Update LWC files and properties |
Testing & analysis
| Tool | Description |
|---|---|
| runTests | Execute Apex test class and retrieve results |
| getCodeCoverage | Check code coverage percentage per class |
| executeAnonymous | Run anonymous Apex code for quick operations |
| getDebugLog | Retrieve and analyze debug logs for execution trace |
Metadata & configuration
| Tool | Description |
|---|---|
| describeMetadata | Get all available metadata types |
| retrieveMetadata | Retrieve metadata files (CustomObject, ValidationRule, etc.) |
| deployMetadata | Deploy code and configuration to target org |
| createMetadataItem | Create custom object, field, or configuration |
| updateMetadata | Update field definitions, validation rules, workflows |
Deployment & CI/CD
| Tool | Description |
|---|---|
| createDeployRequest | Start metadata deployment with change set |
| getDeployStatus | Check deployment progress and error details |
| checkDeployValidity | Validate deployment before executing |
| listDeployRequests | Get recent deployments and status |
Tips
Require full scope for any deployment operations — api alone won't authorize code deployments to prevent accidental overwrites.
Use Apex classes with proper error handling for production workflows to ensure graceful degradation and clear error messages.
Avoid relying on Anonymous Apex (executeAnonymous) for production workflows — it's useful for one-off data fixes or quick testing, but not for long-term automation.
Batch test runs with runTests during off-peak hours as test execution consumes significant org resources and can slow other operations.
Retrieve metadata and validate with checkDeployValidity before deployMetadata to catch conflicts and missing dependencies early.
Store debug logs securely if they contain sensitive data — never store them in plain text systems.
Monitor log size and archive older logs regularly to avoid hitting org storage limits.
Cequence AI Gateway