mcpSource-backedReview first Safety ✓ Privacy ✓
Tinybird MCP Server for Claude
Connect Claude to your Tinybird workspace — query real-time data sources, run text-to-SQL, call published API endpoints as tools, explore datasources, and analyze analytics data — with the official Tinybird hosted MCP server.
HarnessClaude CodeCodexCursorClaude Desktop
Review first — review before installing
Open the source and read safety notes before installing.
Safety notes
- The server is hosted by Tinybird; queries and results pass through Tinybird's infrastructure.
- Use resource-scoped tokens to limit Claude's access to specific datasources or endpoints; avoid using admin tokens for production AI workflows.
- Published API endpoints are exposed as live tools — Claude can call them with real parameters, triggering actual queries against your data.
Privacy notes
- Query results, datasource schemas, and endpoint response data surface in Claude's context; treat production analytics data as sensitive.
- Tinybird tokens are secrets — use resource-scoped tokens with the minimum required permissions and rotate them on exposure.
Prerequisites
- A Tinybird account and a workspace token (admin or resource-scoped from your Tinybird workspace settings).
- For EU or other regions, append `&host=https://api.EU_REGION.tinybird.co` to the URL.
- An MCP client such as Claude Code or Claude Desktop.
Schema details
- Install type
- cli
- Troubleshooting
- No
Collection metadata
- Estimated setup
- 5 minutes
- Difficulty
- beginner
Tool listing metadata
- Website
- https://tinybird.co
Full copyable content
{
"mcpServers": {
"tinybird": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://mcp.tinybird.co?token=YOUR_TINYBIRD_TOKEN"]
}
}
}About this resource
Overview
The Tinybird MCP Server is the official hosted Model Context Protocol server from Tinybird.
It connects Claude to your Tinybird workspace — making every published API endpoint available as
an MCP tool, enabling natural-language and text-to-SQL queries against your real-time data
sources, and exposing workspace exploration tools. No local installation is required; the server
runs at https://mcp.tinybird.co and authenticates via a Tinybird token.
Tinybird announced the hosted MCP server in January 2026. It uses Streamable HTTP transport.
Key capabilities
- Endpoint tools — every published Tinybird API endpoint becomes an MCP tool Claude can call with real parameters.
text_to_sql— convert natural-language questions into SQL queries against your data.execute_query— run raw SQL against any datasource.explore_data— get a summary of what data is available in a datasource.list_datasources— list all datasources in your workspace.list_endpoints— list all published API endpoints and their parameters.
How it compares
| Server | Real-time queries | Custom endpoint tools | Text-to-SQL | Hosted | Auth |
|---|---|---|---|---|---|
| Tinybird MCP | Yes (ClickHouse) | Yes (per-endpoint tools) | Yes | Yes | Token |
| MotherDuck MCP | Yes (DuckDB) | No | Yes | Local | Token |
| Mixpanel MCP | Limited (analytics) | No | No | Yes | OAuth |
| BigQuery MCP | Yes | No | Limited | Local | OAuth |
Tinybird's MCP is unique in automatically exposing every published API endpoint as a tool, making it ideal for real-time analytics APIs and event-driven data products.
Installation
Claude Code
claude mcp add tinybird --transport http \
"https://mcp.tinybird.co?token=YOUR_TINYBIRD_TOKEN"
Claude Desktop
{
"mcpServers": {
"tinybird": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://mcp.tinybird.co?token=YOUR_TINYBIRD_TOKEN"]
}
}
}
Replace YOUR_TINYBIRD_TOKEN with your workspace token from the Tinybird console.
Other regions
Append &host=https://api.REGION.tinybird.co for non-default regions. For JWTs, the host
parameter is always required.
Requirements
- A Tinybird account and workspace token.
- An MCP client (Claude Code or Claude Desktop).
Security
- Use resource-scoped tokens (limit to specific endpoints or datasources) rather than admin tokens for AI-driven workflows.
- Tokens passed as URL query parameters may appear in logs — prefer injecting them via environment variables when possible.
Source Verification Notes
Verified on 2026-06-18:
- Tinybird's MCP documentation at
tinybird.co/docs/forward/work-with-data/mcpconfirms the hosted endpointhttps://mcp.tinybird.co, Streamable HTTP transport, token authentication, the endpoint-as-tools model, and the core tools (text_to_sql,execute_query,explore_data,list_datasources,list_endpoints). - Tinybird's blog post confirms the hosted MCP server launched in January 2026 and describes the real-time analytics use cases.
- Tinybird's analytics agents documentation covers the MCP integration pattern for AI agents.
- Claude Code's MCP documentation describes the
--transport httpinstallation pattern used above.
Source citations
Add this badge to your README
Show that Tinybird MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/mcp/tinybird-mcp-server)How it compares
Tinybird MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Tinybird MCP Server for Claude Connect Claude to your Tinybird workspace — query real-time data sources, run text-to-SQL, call published API endpoints as tools, explore datasources, and analyze analytics data — with the official Tinybird hosted MCP server. Open dossier | Teradata MCP Server for Claude Connect Claude to Teradata — list databases and tables, inspect DDL, run SQL queries, preview data, analyze column quality, and explore DBA diagnostics — with the official Teradata MCP server supporting optional ML tool expansion via the teradataml Python package. Open dossier | ClickHouse MCP Server for Claude Connect Claude to ClickHouse for read-only SQL exploration, schema discovery, and safe analytics workflows. Open dossier | Data API Builder MCP Tools MCP support in Azure Data API Builder for exposing configured database entities as MCP tools, including entity discovery and DML operations over Azure databases and supported on-premises data stores. Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | mcp | mcp | mcp | mcp |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | Tinybird | Teradata | ClickHouse | Azure |
| Added | 2026-06-18 | 2026-06-18 | 2026-06-03 | 2026-06-06 |
| Platforms | Claude CodeCodexCursorClaude Desktop | Claude CodeClaude Desktop | Claude CodeClaude Desktop | Claude CodeClaude Desktop |
| Source repo | — | — | — | — |
| Safety notes | ✓The server is hosted by Tinybird; queries and results pass through Tinybird's infrastructure. Use resource-scoped tokens to limit Claude's access to specific datasources or endpoints; avoid using admin tokens for production AI workflows. Published API endpoints are exposed as live tools — Claude can call them with real parameters, triggering actual queries against your data. | ✓The `base_query` tool executes arbitrary SQL on your Teradata system — only connect with credentials scoped to the minimum required permissions. Row limits (`DEFAULT_ROW_LIMIT`, `MAX_ROW_LIMIT`) prevent accidental full-table scans returning millions of rows; leave defaults in place unless you need larger result sets. | ✓The upstream server runs ClickHouse queries in read-only mode by default because `CLICKHOUSE_ALLOW_WRITE_ACCESS` is false unless explicitly enabled. Leave write access disabled for production investigation workflows. If write access is enabled, destructive operations such as DROP and TRUNCATE require the additional `CLICKHOUSE_ALLOW_DROP` opt-in. Treat both flags as privileged operational changes, not normal client configuration. Use a dedicated least-privilege ClickHouse user or role. MCP read-only mode does not hide tables, columns, rows, or system metadata that the database account is already allowed to read. Review model-generated SQL before execution, especially broad table scans, expensive aggregations, cross-database queries, or wide time ranges against production clusters. For HTTP or SSE transports, keep authentication enabled. The upstream server requires authentication by default for those transports and only documents disabling it for local development. | ✓Data API Builder MCP tools can expose database entity metadata and perform DML operations depending on DAB configuration and permissions. Built-in tools include entity discovery and record read, create, update, delete, aggregate, and execute-style workflows in the MCP source tree. The upstream README still labels endpoint support as coming soon while source, samples, and testing docs expose MCP behavior; verify the exact release before production use. Use least-privilege roles, disable DML tools where not required, and require approval before write, delete, execute, or stored-procedure operations. Do not connect MCP clients to production databases without backups, audit logging, query limits, and rollback procedures. |
| Privacy notes | ✓Query results, datasource schemas, and endpoint response data surface in Claude's context; treat production analytics data as sensitive. Tinybird tokens are secrets — use resource-scoped tokens with the minimum required permissions and rotate them on exposure. | ✓Query results, schema definitions, DDL, and session/system metadata from your Teradata instance are surfaced in Claude's context. Your database credentials are embedded in the `DATABASE_URI` — keep it in the MCP config env and never commit it to version control. | ✓Query results, database names, table names, column metadata, create-table definitions, and aggregate outputs can become visible to the connected MCP client and model session. ClickHouse data often includes logs, events, analytics records, user identifiers, IP addresses, request payloads, or product usage data; use database permissions and query limits before exposing production datasets. Store ClickHouse passwords, roles, and bearer tokens in MCP environment configuration or your client secret-management flow, not in prompts or checked-in configuration files. chDB support can query local files, URLs, and embedded datasets when enabled. Keep it disabled unless that local data access is intentional. | ✓Entity metadata can expose database names, table names, view names, stored procedure names, field names, key fields, relationships, permissions, and role design. Read and DML tool calls can expose or change customer records, internal data, regulated fields, identifiers, audit fields, and business workflow state. Connection strings, role headers, MCP URLs, logs, request bodies, result payloads, and MCP transcripts can contain sensitive operational or personal data. Redact database values, connection details, entity names, role names, and query results before sharing prompts, screenshots, logs, or generated notes. |
| Prerequisites |
|
|
|
|
| Install | | | | |
| Config | | | | |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
More like this, weekly
A short, calm digest of reviewed Claude resources. Unsubscribe any time.