MCP Inspector – Using the Web Interface

What is this about?

This guide walks through the MCP Inspector web UI field by field and answers the practical question: what do I actually put in each box? — Transport Type, Command, Arguments, Environment Variables, Authentication, Configuration, and Open Auth Settings.

Want the architecture, CLI mode, and security background instead? See the MCP Inspector Developer Guide.

1. Launch and open the UI

Start the Inspector from a terminal:

npx @modelcontextprotocol/inspector

It prints a URL with a session token baked in — open that one so the UI is authenticated automatically:

🔗 http://localhost:6274/?MCP_PROXY_AUTH_TOKEN=3a1c267f...

The web UI runs at http://localhost:6274. If you open the bare address without the token, you'll need to paste the token under Configuration (see §7 below).

2. The interface at a glance

┌───────────────────────────┬──────────────────────────────────────┐
│  LEFT SIDEBAR (connect)    │  MAIN AREA (after you connect)        │
│                            │                                       │
│  Transport Type      ▼     │  [ Resources | Prompts | Tools |      │
│  Command / URL             │    Ping | Sampling | Roots |          │
│  Arguments                 │    Notifications ]                    │
│  Environment Variables     │                                       │
│  Authentication            │  → list items, inspect schemas,       │
│  Configuration       ⚙     │    run tools, read resources,         │
│                            │    watch the message log              │
│  [ Connect ]               │                                       │
└───────────────────────────┴──────────────────────────────────────┘

You spend all your setup time in the left sidebar. Once you hit Connect, the tabs on the right come alive.

3. The connect flow in three steps

Pick a Transport Type.
Fill the fields that transport reveals (Command/Arguments for local; URL for remote).
Click Connect. Status changes to Connected, and the right-hand tabs populate.

The rest of this guide explains each field.

4. Transport Type

The first dropdown. It decides how the Inspector reaches your server, and which other fields appear.

Option	Use it when…	Fields it shows
STDIO	The server is a local process you start by command (most local dev).	Command, Arguments, Environment Variables
SSE	The server is remote/HTTP and uses Server-Sent Events (older remote style).	URL, Connection Type, Authentication
Streamable HTTP	The server is remote/HTTP using the modern streamable transport.	URL, Connection Type, Authentication

Which one do I pick?

Testing a server you run on your own machine → STDIO.
Connecting to a hosted/remote server → Streamable HTTP (try this first), or SSE if the server only offers the older endpoint.

For SSE / Streamable HTTP you also get a Connection Type:

Via Proxy (default) — traffic goes through the Inspector's local proxy. Use this normally.
Direct — the browser connects straight to the server (useful when the proxy can't reach it, e.g. certain CORS setups).

5. Command, Arguments & Environment Variables (STDIO)

These three only appear for STDIO.

Command

The executable that launches your server — not the script itself. Typical values:

Server type	Command
Node / TypeScript	`node`
Run an npm package	`npx`
Python (uv project)	`uv`
Run a PyPI package	`uvx`
Python directly	`python`

Arguments

Everything you'd type after the command, space-separated. The field label literally reads "Arguments (space-separated)".

Command	Arguments	Result
`node`	`build/index.js`	runs your built server
`npx`	`-y @modelcontextprotocol/server-filesystem /Users/you/Desktop`	filesystem server scoped to that folder
`uvx`	`mcp-server-git --repository ~/code/my-repo`	git server for that repo
`uv`	`--directory path/to/server run package-name`	runs a local uv project

Mental model

Command + Arguments is exactly the terminal line npx @modelcontextprotocol/inspector <Command> <Arguments>. If it runs in your shell, it runs here.

Environment Variables

Key/value pairs injected into the server process — this is where the secrets and config your server needs go. Click Add Environment Variable, then fill the Key and Value placeholders.

Key (example)	Value	Why
`GITHUB_TOKEN`	`ghp_…`	server authenticates to GitHub
`OPENAI_API_KEY`	`sk-…`	server calls OpenAI
`LOG_LEVEL`	`debug`	verbose server logs

These are not the Inspector's own settings — they're handed to your server, exactly like the env block in a mcp.json entry.

6. Authentication & Open Auth Settings

This section appears for SSE / Streamable HTTP servers (remote servers that require credentials). There are two independent mechanisms — use whichever your server expects.

Option A — Custom Headers / Bearer Token

The simplest case: the server accepts a static token or API key in a header.

Bearer Token → the Inspector sends Authorization: Bearer <your-token>.
Custom Headers → add an arbitrary header such as X-API-Key: <value> when the server uses a non-standard name.

Use this when you already hold a long-lived token or API key.

Option B — OAuth 2.0 Flow ("Open Auth Settings")

When the server speaks OAuth (the modern pattern for hosted MCP servers), open the OAuth 2.0 Flow / Auth Settings to run the authorization-code handshake. The Inspector handles discovery, sends you through the provider's login, and injects the resulting access token.

Field	What to enter
Client ID	Leave blank if the server supports dynamic client registration — the Inspector registers itself. Enter a value only if you pre-registered a client.
Client Secret (optional)	Only for confidential clients that issued you a secret. Public clients leave it empty.
Redirect URL	Pre-filled with the Inspector's callback (`http://localhost:6274/oauth/callback`). Change it only if the server requires a specific registered redirect.
Scope (space-separated)	The permission scopes the server documents, e.g. `read write`. Leave blank to accept defaults.

The common case is "leave it empty"

For most OAuth-enabled MCP servers you enter nothing here: leave Client ID, Secret, and Scope blank, keep the default Redirect URL, click to start the flow, log in, and the token is captured automatically. Only fill fields when a server explicitly requires a pre-registered client or specific scopes.

7. Configuration panel

The Configuration section (gear ⚙) holds the Inspector's own settings — how it talks to the proxy and how long it waits. Defaults are sensible; touch these only when needed.

Setting	Default	Change it when…
Proxy Session Token (`MCP_PROXY_AUTH_TOKEN`)	(auto)	You opened the UI without the token URL — paste the token printed in the terminal here.
Request Timeout (`MCP_SERVER_REQUEST_TIMEOUT`)	`300000` ms	A tool is slow and times out — raise it.
Reset Timeout on Progress (`MCP_REQUEST_TIMEOUT_RESET_ON_PROGRESS`)	`true`	Leave on so progress notifications keep long calls alive.
Maximum Total Timeout (`MCP_REQUEST_MAX_TOTAL_TIMEOUT`)	`60000` ms	Cap the absolute wait even with progress updates.
Inspector Proxy Address (`MCP_PROXY_FULL_ADDRESS`)	(empty)	The proxy runs on a non-default host/port, e.g. `http://10.1.1.22:5577`.

The #1 reason people open this panel

A red "Connection Error — did you add the proxy session token?" message means the UI isn't authenticated. Paste the Proxy Session Token here, or relaunch and use the full URL with ?MCP_PROXY_AUTH_TOKEN=….

8. Connecting and the working tabs

Hit Connect. The status badge shows Connected (or Disconnected / an error). Control buttons:

Connect — open the session.
Restart — restart the server process (STDIO) and reconnect.
Reconnect — re-establish the session after a server rebuild.
Disconnect — close it.

Once connected, work in the tabs:

Tab	What you do there
Resources	List resources, view metadata (MIME type, description), read content, test subscriptions.
Prompts	See prompt templates, fill their arguments, preview the generated messages.
Tools	List tools, read their input schemas, run them with custom inputs, see results.
Notifications	Watch server logs and protocol notifications — your main debugging window.

9. Reusing a configuration

Two copy buttons in the sidebar export what you've set up:

Server Entry — copies this one server's JSON block.
Servers File — copies a complete mcp.json with a mcpServers map.

Paste the result into a mcp.json file to relaunch the same setup later or share it with your team. (See the Developer Guide, section Configuration file, for the format and how to load it.)

10. Quick recipes

Local filesystem server (STDIO):

Transport: STDIO · Command: npx · Arguments: -y @modelcontextprotocol/server-filesystem /Users/you/Desktop

Local git server (STDIO, Python):

Transport: STDIO · Command: uvx · Arguments: mcp-server-git --repository ~/code/my-repo

Your own built server with a secret (STDIO):

Transport: STDIO · Command: node · Arguments: build/index.js · Env: API_KEY = …

Remote server with an API key (Streamable HTTP):

Transport: Streamable HTTP · URL: https://server.example.com/mcp · Authentication: Bearer Token = …

Remote server with OAuth (Streamable HTTP):

Transport: Streamable HTTP · URL: https://server.example.com/mcp · Open the OAuth flow, leave fields blank, log in.

1. Launch and open the UI​

2. The interface at a glance​

3. The connect flow in three steps​

4. Transport Type​

5. Command, Arguments & Environment Variables (STDIO)​

Command​

Arguments​

Environment Variables​

6. Authentication & Open Auth Settings​

Option A — Custom Headers / Bearer Token​

Option B — OAuth 2.0 Flow ("Open Auth Settings")​

7. Configuration panel​

8. Connecting and the working tabs​

9. Reusing a configuration​

10. Quick recipes​

See also​