ChatGPT MCP Setup Guide: Add a Remote MCP Server
Add a remote MCP server to ChatGPT through Developer mode. Covers apps, HTTPS endpoints, OAuth, permissions, testing, refreshes, and common errors.
Quick setup
ChatGPT connects to a custom remote MCP server as an app. The current setup flow is:
- Make the MCP server reachable over HTTPS.
- In ChatGPT, open Settings → Security and login and enable Developer mode.
- Open Settings → Plugins or go to
chatgpt.com/plugins. - Select the plus button and create a developer-mode app.
- Enter a name, description, and the public MCP server URL.
- Complete authentication, review the discovered tools, and create the app.
- Open a new conversation, add the app from + → More, and test a harmless request.
OpenAI's current Connect from ChatGPT documentation says ChatGPT Apps are supported on all plans. Developer mode can still be unavailable when an organization administrator disables it.
This guide focuses on connecting an existing remote MCP endpoint. Building an interactive ChatGPT app with custom UI components is a separate Apps SDK workflow.
ChatGPT apps, MCP servers, and plugins
The names have changed faster than the underlying architecture. OpenAI now uses app for the ChatGPT integration a user connects. A developer-mode app points to an MCP server, which exposes tools and optional resources over the Model Context Protocol.
Published apps are distributed as plugins, while a private integration can remain a developer-mode app. Older articles may still call the same concept a custom connector or custom MCP app.
| Term | Meaning in the current workflow |
|---|---|
| MCP server | The remote service that advertises tools and handles tool calls |
| ChatGPT app | The connected integration users select in a conversation |
| Developer-mode app | A private or test app created from an MCP server URL |
| Plugin | The reviewed distribution format for publishing an app |
| Data-only app | An MCP app that exposes tools without a custom visual component |
You do not need a custom interface to connect a useful MCP server. A data-only server can expose database, API, search, or workflow tools and let ChatGPT present the results in the conversation.
Requirements before you start
Confirm these items before opening ChatGPT settings:
- a ChatGPT account with Developer mode available
- permission from the workspace administrator when organization policy controls apps
- a remote MCP server reachable through public HTTPS
- a stable MCP endpoint URL supplied by the server operator
- an authentication method supported by both ChatGPT and the server
- reviewed tool names, descriptions, annotations, and backend permissions
- a way to revoke the app or its credential
For local development, OpenAI documents Secure MCP Tunnel and also permits a public HTTPS tunnel such as ngrok or Cloudflare Tunnel. A localhost or private-network URL is not enough for the normal remote connection flow.
Treat the endpoint as production-facing even during a test. The MCP server can receive prompts, tool arguments, and authenticated requests from ChatGPT, and its tools may reach sensitive systems.
How to add an MCP server to ChatGPT
Step 1: review the MCP server
Before connecting, identify:
- who operates the endpoint
- which tools it exposes
- whether tools read data, change state, or trigger external actions
- what account, database, API, or files those tools can reach
- where credentials are stored
- how user and tenant boundaries are enforced
- how to revoke access and review activity
A successful MCP handshake proves that ChatGPT can discover the server. It does not prove that every tool is safe or that backend authorization is correct.
For third-party servers, use the provider's current documentation rather than copying an endpoint from an old directory or tutorial. For an internal server, review the deployed tool list and authentication flow before sharing it with a workspace.
Step 2: expose a stable HTTPS endpoint
Deploy the server at the public URL expected by its framework or provider. OpenAI's Apps SDK examples commonly use an HTTPS /mcp endpoint, but an existing hosted service may provide a complete generated URL that should be copied exactly.
Check the URL from outside the development machine. Verify TLS, redirects, authentication discovery, and the MCP initialization response. Do not place a database password or upstream API credential in the URL.
If the server uses OAuth, confirm that its registered redirect behavior and authorization metadata match the ChatGPT connection flow. If it uses another supported credential pattern, follow the server operator's instructions exactly.
Step 3: enable Developer mode
In ChatGPT:
- Open Settings.
- Choose Security and login.
- Turn on Developer mode.
If the toggle is unavailable, the current workspace policy may block developer-mode apps. Ask the workspace administrator to allow the feature instead of trying to bypass organization controls.
Developer mode is intended for testing apps that have not gone through public plugin review. Enabling it does not automatically trust every MCP server you add.
Step 4: create the developer-mode app
Open Settings → Plugins or visit chatgpt.com/plugins, then select the plus button.
Provide:
- Name: a clear user-facing name, including the environment when relevant
- Description: what the app does and when ChatGPT should use it
- MCP server URL: the complete public endpoint supplied by the server
Descriptions affect tool discovery. Write specific language such as “Inspect the read-only production analytics schema and run approved SELECT queries” rather than “Useful data tools.” Distinguish staging from production and read-only from write-capable apps in the name.
Select Create. ChatGPT connects to the endpoint and displays the tools the server advertises. Stop if the list contains unexpected write, delete, payment, messaging, or administrative operations.
Step 5: authenticate and set permissions
Complete the server's authentication flow. Authentication identifies the user or client; it does not replace authorization inside the MCP server or backend system.
OpenAI currently documents three app permission levels:
| Permission level | ChatGPT behavior |
|---|---|
| Always ask | Requests confirmation before retrieving information or making changes |
| Ask before making changes | Allows retrieval automatically and confirms write actions |
| Ask only before important changes | Allows routine actions and confirms consequential operations |
Personal accounts can set a global level or override an individual app. Business and Enterprise administrators can control workspace defaults and per-app permissions.
Client-side confirmation is one safety layer, not the final enforcement point. The MCP server and the connected backend should independently reject operations the identity is not allowed to perform.
Step 6: test in a new conversation
Open a new ChatGPT conversation. Select + → More, then choose the app from the available tools.
Use a small test sequence:
- Ask ChatGPT to list the available capabilities without changing anything.
- Request one harmless read operation.
- Inspect the tool selected and its arguments.
- Confirm that the returned data belongs to the expected account or environment.
- Request one operation that policy should deny.
- Verify the denial at the MCP server or backend, not only in ChatGPT's interface.
For a database server, begin with schema inspection and a small read-only query. For an API server, begin with endpoint discovery and one reviewed GET operation. For a workflow server, use a dry run or non-consequential action before testing writes.
Step 7: refresh after tool changes
ChatGPT stores discovered app metadata. After changing tool names, descriptions, schemas, or annotations:
- redeploy the MCP server
- open the developer-mode app in Settings → Plugins
- choose Refresh
- compare the updated tool list with the deployment
- repeat the read and denial tests in a new conversation
Without a refresh, ChatGPT may continue using stale metadata even though the server code has changed.
Data-only app or interactive app?
Choose a data-only app when tool results work well as text, tables, citations, or structured content inside the conversation. Typical examples include database exploration, API operations, document search, internal knowledge, and infrastructure checks.
Choose the Apps SDK UI path when the workflow needs an interactive component such as a board, map, chart controls, form, or other visual state that should render inside ChatGPT.
The server architecture can support both. Start data-only unless the user experience clearly requires a custom component; it reduces implementation and review surface.
For company knowledge and deep research compatibility, OpenAI documents a specific read-only search and fetch tool shape with URL-backed results for citations. A general tool server does not need to imitate that schema unless it targets those experiences.
Hosted PostgreSQL or OpenAPI through datamcp
Full disclosure: datamcp is our product.
datamcp creates hosted remote MCP links for PostgreSQL 12+ and OpenAPI 3.x sources, including supported Swagger UI and Redoc pages. The AI client authenticates to the MCP endpoint; PostgreSQL credentials or supported upstream API credentials remain stored on the datamcp connection.
For PostgreSQL, a link can be Read Only, Read, Write & Delete, Full Access, or Custom with table-level operations. The effective PostgreSQL role remains a separate permission boundary. PostgreSQL query activity and denied operations are available for review.
For OpenAPI, datamcp exposes schema-aware tools to list endpoints, inspect endpoint details and schemas, and call approved operations. Read Only permits visible GET and HEAD methods, but an API owner must still review whether an allowed request has side effects or returns sensitive data. OpenAPI calls do not currently appear in the datamcp activity log, so use upstream API and infrastructure logs for execution evidence.
Use the ChatGPT PostgreSQL guide for the database-specific flow. For REST APIs, start with OpenAPI to MCP and verify the generated remote endpoint against the current ChatGPT app requirements.
ChatGPT MCP troubleshooting
Developer mode is missing
- Confirm you are looking under Settings → Security and login.
- Check whether you are in the intended personal or organization workspace.
- Ask the workspace administrator whether Developer mode is allowed.
- Recheck OpenAI's current documentation because plan and admin controls can change.
ChatGPT cannot connect to the MCP server
- Confirm the endpoint is public HTTPS and copied without modification.
- Check TLS certificate validity and redirect behavior.
- Verify that the server supports the current remote MCP transport expected by ChatGPT.
- Inspect server logs for initialization or authentication-discovery errors.
- Test the deployment with MCP Inspector before recreating the app.
Authentication loops or fails
- Remove stale app authorization and reconnect.
- Confirm OAuth metadata, redirect registration, and issuer URLs.
- Check that the authorizing user can access the selected organization and source.
- Do not substitute an upstream database or API credential for MCP client authentication.
Tools are missing or outdated
- Open the app in Settings → Plugins and select Refresh.
- Confirm the deployed server advertises the expected tool list.
- Check whether user or workspace permissions hide an operation.
- Open a new conversation after refreshing metadata.
ChatGPT selects the wrong tool
- Make the app description specific about when it should be used.
- Give tools distinct action-oriented names and descriptions.
- Narrow overlapping tools instead of relying on prompt wording alone.
- Test direct, indirect, and negative prompts before sharing the app.
ChatGPT MCP FAQ
Does ChatGPT support MCP servers?
Yes. ChatGPT can connect to a remote MCP server through a developer-mode app. The server must be reachable over HTTPS, and Developer mode must be available for the account or workspace.
Which ChatGPT plans support MCP apps?
OpenAI's current documentation says ChatGPT Apps are supported on all plans, including Business, Enterprise, and Education. Organization policy can still control whether a user may enable Developer mode or add an app.
Where do I add an MCP server in ChatGPT?
Enable Developer mode under Settings → Security and login. Then open Settings → Plugins or chatgpt.com/plugins, select the plus button, and enter the MCP server URL.
Can ChatGPT connect to a local MCP server?
Not through an ordinary localhost URL. Use OpenAI's Secure MCP Tunnel or expose the server through a reviewed public HTTPS tunnel for development. Deploy a stable HTTPS endpoint for ongoing use.
Does a ChatGPT MCP app need OAuth?
Not every MCP server uses the same authentication method. Use the method supported by the server and ChatGPT. Keep MCP client authentication separate from credentials the server uses for a database or upstream API.
Can I use the app on mobile?
OpenAI currently says an app linked on ChatGPT web becomes available in ChatGPT mobile clients. Create and manage the developer-mode app through the documented web settings, then test the mobile experience separately.
Next, compare hosted and local MCP servers, review MCP authorization and permission layers, or connect PostgreSQL through the ChatGPT integration.
Related articles
Claude Code MCP Setup Guide: Config, Servers, Scopes
Add MCP servers to Claude Code with the CLI or .mcp.json. Covers HTTP and stdio, local/project/user scopes, OAuth, API keys, testing, and fixes.
TutorialClaude Code PostgreSQL MCP Setup Guide
Connect Claude Code to PostgreSQL through a local or remote MCP server. Includes scopes, read-only roles, datamcp setup, testing, and fixes.
Ready to connect an AI client?
Create a hosted MCP link for a supported PostgreSQL or OpenAPI source.
Create MCP linkExplore the ChatGPT integration · Questions? Read the docs or view pricing.