An Itera account with an author role in at least one tenant. How you get
one depends on who you are — see Authentication. Internal DFL teachers
federate from their DFL login; third-party instructors get an Itera Supabase
account provisioned by their Itera admin.
An Itera Supabase access token (JWT) — this is what the MCP authenticates.
See how to obtain a token.
An MCP-compatible client: Claude Code, Cursor, VS Code, codex, or the
Anthropic SDK. Any one is fine — or just curl.
The MCP validates an Itera Supabase user-JWT (HS256, signed by the Itera
project) and reads your author memberships from it. A token from any other
project (e.g. DFL prod) fails signature verification and is rejected.
Internal DFL teacher → exchange your DFL session for an Itera session via
POST https://api.iterahq.dev/v1/embed/session, then use the returned
access_token. See Authentication → Internal DFL teacher.
Once you have a token, self-check your authoring rights with the whoami tool
(step 4) — it returns your memberships and the tenant ids you can author in.
Once connected, just ask in natural language — the model picks the tool:
“Which Itera tenants can I author in?” → calls whoami
“Create a program called ‘Intro to Kafka’ in my tenant, then add a first unit
and lesson.” → create_program → create_unit → create_lesson
Every level takes the parent id returned by the previous call. The end-to-end
sequence, with real inputs/outputs, is in Recipes → Author a full
course.
Before writing, confirm your permissions. whoami returns your memberships and
the tenant ids where your role is author / instructor / tenant_admin /
owner:
Use a tenant_id from author_tenant_ids as the tenant_id argument to
create_program. If the list is empty, you don’t yet have an authoring role —
see Authentication.
Your JWT is missing, expired, or from the wrong project. The MCP only
accepts tokens signed by the Itera Supabase project. A DFL token will fail
signature verification. Re-mint via the flow in Authentication, or
refresh (below).
You’re authenticated but your role lacks authoring rights for that tenant.
Writes require author / instructor / tenant_admin / owner on the target
tenant (RLS). Learners can read but not write. Check whoami.