FAQ: Connection & Authentication

OAuth 2.0 Authorization Code flow, backed by AWS Cognito. When you connect for the first time, your client opens a browser window and redirects you to the InSync login page. After you log in, an access token is issued and stored by the client. You do not need to generate, copy, or manage API keys manually.

An active InSync Analytics account is required for all clients. For ChatGPT and Claude specifically, you also need a paid subscription (Plus, Pro, Business, or Enterprise) because their custom app/MCP support is not available on the free tier. Cursor, VS Code, and Gemini CLI work with their respective free tiers as long as you have an InSync account.

Yes. Your Claude or ChatGPT subscription allows you to run an AI client — it does not grant access to InSync's financial data. You need a separate InSync Analytics account to authenticate against the MCP server.

When your InSync account is first created, you receive a temporary password by email from no-reply@insyncanalytics.com. These credentials are valid for 14 days from the time the account is provisioned. Before connecting an MCP client, use these temporary credentials to log in at insyncanalytics.com and set a permanent password. If you don't see the email, check your spam folder. If the 14-day window expires before you log in, contact InSync support to have new temporary credentials issued.

Try these steps in order:

1. Verify your InSync Analytics account is active and in good standing. If your account was recently created, check whether your temporary credentials have expired (14-day window).
2. Try removing and re-adding the server in your client, then re-authenticate from scratch.
3. Check that you are using the correct endpoint URL including the /mcp path: https://ai-mcp.insyncanalytics.com/mcp.
4. Clear any cached tokens in your client (location varies by client — see the Troubleshooting guide).
5. Contact InSync support if the issue persists after re-authentication.

Yes. Rate limits apply per InSync account (not per device or IP address), so using multiple clients simultaneously counts against a shared limit. Each client maintains its own OAuth token — you may need to authenticate independently on each device.

Access tokens expire after a short window (typically 1 hour), but the MCP client automatically uses the refresh token to get a new access token without requiring you to log in again. You should only need to complete the browser-based OAuth login once per device per client. If you revoke access from the InSync dashboard or your InSync password changes, you will need to re-authenticate.

Yes. All communication between your AI client and the InSync MCP server uses HTTPS (TLS). Your InSync credentials are submitted directly to AWS Cognito over HTTPS — they are never sent to the AI client or to Claude/ChatGPT/Gemini.

Yes. The endpoint must be:

https://ai-mcp.insyncanalytics.com/mcp

The /mcp path suffix is required. Using https://ai-mcp.insyncanalytics.com without the path will not connect. The https:// scheme is also required — plain http:// is not accepted.

Email inquiries@insyncanalytics.com to request M2M access. Once approved, your client_id and client_secret will be shared with you directly. There is no self-service sign-up for M2M credentials.

This is usually caused by one of:

1. The client was restarted without reconnecting (some clients require you to re-enable the server after restart).
2. The OAuth refresh token expired (rare, but possible after extended inactivity).
3. A temporary network issue between your client and the server.

Try re-authenticating first. If the server consistently disconnects, check the Troubleshooting guide for your specific client.