The CData Code Assist MCP for Klaviyo defines each connection to Klaviyo as a named configuration that an MCP Client (such as Claude Desktop) can use when sending natural language queries.

You create and manage these configurations using the CData Code Assist MCP Configuration Tool. The tool automatically handles formatting, storage, and registration with MCP clients.

Understanding Connection Configurations

Each connection configuration is stored in a .mcp file. This file includes the details needed to initialize the connector when an MCP Client starts a session.

• On Windows, configuration files are stored in "~/AppData/Roaming/CData/Klaviyo Data Provider/".
• On macOS, configuration files are stored in "~/Library/Application Support/CData/Klaviyo Data Provider/".

The .mcp file is a text file that contains a list of connection properties and a timestamp. For example:

#Tue May 20 15:48:40 EDT 2025
AuthScheme=Basic
User=myUser
Password=myPassword
Security Token=myToken

The configuration tool handles these settings automatically. Each saved configuration enables an MCP client to launch a dedicated MCP server instance with the correct connector and options. Manual file editing is not required.

Connecting to Klaviyo

To connect to Klaviyo, first choose an authentication method by setting the following property:

• AuthScheme: The type of authentication to use whe connecting to Klaviyo.

Depending on the selected method, additional connection properties are required. See below for configuration steps for each supported authentication type.

Accessing Custom Fields

By default, the server surfaces only system fields. To detect and include custom fields set IncludeCustomFields to true. When IncludeCustomFields is set to true the server scans RowScanDepth records to detect custom fields and determine their datatype. Set RowScanDepth to 0 to scan all records for custom field detection. Note that enabling custom fields and setting RowScanDepth to 0 or a large value may affect performance.

Accessing List_{ListName} and Segment_{SegmentName} as separate views

By default, the server surfaces only the system tables and Views. To model each List and Segment as a separate view, similar to the Klaviyo interface, set ListDynamicViews to true.

Authenticating to Klaviyo

You can authenticate to Klaviyo using either an API Key or OAuth PKCE.

API Key

First, generate an API Key, if you have not done so already:

1. Log in to your user account.
2. Navigate to the Private API Key creation page.
3. Click Create Private API Key.
4. Under Private API Key Name, assign a name to the key.
5. Under Select Access Level, choose the required access level. At minimum, Accounts: Read access is required for a successful Test Connection.
6. Click Create to generate the API Key. Copy and save the generated API Key, as it is only shown once.

Next, set the following properties:

• AuthScheme: Set this to APIKey.
• APIKey: Set this to the value of the Private API Key that you generated.

OAuth PKCE

Set AuthScheme to OAuthPKCE.

Desktop Applications

To authenticate using OAuth PKCE you must create a custom OAuth application. See Creating a Custom OAuth App for instructions.

Get and Refresh the OAuth Access Token

After setting the following properties, you are ready to connect:

• InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
• OAuthClientId Set this to the client Id assigned when you registered your app.
• OAuthClientSecret Set this to the client secret assigned when you registered your app. This is optional if a secret was not generated during app registration.
• CallbackURL Set this to the redirect URI defined when you registered your app. For example: http://localhost:3333

When you connect, the server opens Klaviyo's OAuth endpoint in your default browser. Log in and grant permissions to the application. The server then completes the OAuth process:

1. The server obtains an access token from Klaviyo and uses it to request data.
2. The OAuth values are saved in the location specified in OAuthSettingsLocation, allowing them to persist across sessions.

The server refreshes the access token automatically when it expires.

Web Applications

When connecting via a Web application, you need to register a custom OAuth app with Klaviyo. You can then use the server to get and manage the OAuth token values. See Creating a Custom OAuth App for more information.

Get an OAuth Access Token

Set the following connection properties to obtain the OAuthAccessToken:

• OAuthClientId: Set this to the client Id in your app settings.
• OAuthClientSecret: Set this to the client secret in your app settings. This is optional if a secret was not generated during app registration.

Then call stored procedures to complete the OAuth exchange:

1. Call the GetOAuthAuthorizationURL stored procedure. Set the CallbackURL input to the Redirect URI you specified in your app settings. The procedure returns the URL to the OAuth endpoint and a PKCEVerifier value. Note this value for later use.

2. Navigate to the URL. Log in and authorize the web application. After authenticating, the browser redirects you to the redirect URI.
3. Call the GetOAuthAccessToken stored procedure. Set the AuthMode input to WEB. Set the PKCEVerifier input of this procedure to the corresponding output from the GetOAuthAuthorizationURL procedure from Step 1.

After you have obtained the access and refresh tokens, you can connect to data and refresh the OAuth access token automatically or manually.

Automatic Refresh of the OAuth Access Token

To have the server automatically refresh the OAuth access token, set the following properties on the first data connection.

• InitiateOAuth: Set this to REFRESH.
• OAuthClientId: Set this to the client Id in your app settings.
• OAuthClientSecret: Set this to the client secret in your app settings. This is optional if a secret was not generated during app registration.
• OAuthAccessToken: Set this to the access token returned by GetOAuthAccessToken.
• OAuthRefreshToken: Set this to the refresh token returned by GetOAuthAccessToken.
• OAuthSettingsLocation: Set this to the location where you want the server to save the OAuth values, which persist across connections.

Manual Refresh of the OAuth Access Token

The only value needed to manually refresh the OAuth access token when connecting to data is the OAuth refresh token. Use the RefreshOAuthAccessToken stored procedure to manually refresh the OAuthAccessToken after the ExpiresIn parameter value returned by GetOAuthAccessToken has elapsed, then set the following connection properties:

• OAuthClientId: Set this to the client Id in your app settings.
• OAuthClientSecret: Set this to the client secret in your app settings. This is optional if a secret was not generated during app registration.

Then call RefreshOAuthAccessToken with OAuthRefreshToken set to the OAuth refresh token returned by GetOAuthAccessToken. After the new tokens have been retrieved, open a new connection by setting the OAuthAccessToken property to the value returned by RefreshOAuthAccessToken.

Finally, store the OAuth refresh token so that you can use it to manually refresh the OAuth access token after it has expired.

Headless Machines

To configure the server, use OAuth with a user account on a headless machine. You need to authenticate on another device that has an internet browser.

1. Choose one of two options:
   • Option 1: Obtain the OAuthVerifier and PKCEVerifier values as described in "Obtain and Exchange a Verifier Code" below.
   • Option 2: Install the server on a machine with an internet browser and transfer the OAuth authentication values after you authenticate through the usual browser-based flow.
2. Then configure the server to automatically refresh the access token on the headless machine.

Option 1: Obtain and Exchange Verifier Codes

To obtain a verifier code and PKCE verifier, you must authenticate at the OAuth authorization URL.

Follow the steps below to authenticate from the machine with an internet browser and obtain the OAuthVerifier connection property.

1. Choose one of these options:
   • If you are using the Embedded OAuth Application, call the GetOAuthAuthorizationURL stored procedure. Open the URL returned by the stored procedure in a browser.
   • If you are using a custom OAuth application, set the following properties:
     • InitiateOAuth: Set to OFF.
     • OAuthClientId: Set to the client Id assigned when you registered your application.
     • OAuthClientSecret: Set to the client secret assigned when you registered your application. This is optional if a secret was not generated during app registration.
     Then call the GetOAuthAuthorizationURL stored procedure with the appropriate CallbackURL. The stored procedure returns the URL to the OAuth endpoint as well as a PKCEVerifier value. Note this value for later use. Open the URL returned by the stored procedure in a browser.
2. Log in and grant permissions to the server. You are redirected to the redirect URI.

There is a parameter named code appended to the redirect URI. Note the value of this parameter. Later you will set this in the OAuthVerifier connection property.

Next, you need to exchange the OAuth verifier code for OAuth refresh and access tokens.

On the headless machine, set the following connection properties to obtain the OAuth authentication values:

• InitiateOAuth: Set this to REFRESH.
• OAuthVerifier: Set this to the noted verifier code (the value of the code parameter in the redirect URI).
• PKCEVerifier: Set this to the value you noted earlier in Step 1.
• OAuthClientId: (custom applications only) Set this to the client Id in your custom OAuth application settings.
• OAuthClientSecret: (custom applications only) Set this to the client secret in the custom OAuth application settings. This is optional if a secret was not generated during app registration.
• OAuthSettingsLocation: Set this to persist the encrypted OAuth authentication values to the specified location.

Test the connection to generate the OAuth settings file, then re-set the following properties to connect:

• InitiateOAuth: Set this to REFRESH.
• OAuthClientId: (custom applications only) Set this to the client Id assigned when you registered your application.
• OAuthClientSecret: (custom applications only) Set this to the client secret assigned when you registered your application. This is optional if a secret was not generated during app registration.
• OAuthSettingsLocation: Set this to the location containing the encrypted OAuth authentication values. Make sure this location gives read and write permissions to the server to enable the automatic refreshing of the access token.

Option 2: Transfer OAuth Settings

Prior to connecting on a headless machine, you need to install and create a connection with the server on a device that supports an internet browser. Set the connection properties as described in "Desktop Applications" above.

After completing the instructions in "Desktop Applications", the resulting authentication values are encrypted and written to the location specified by OAuthSettingsLocation. The default filename is OAuthSettings.txt.

Test the connection to generate the OAuth settings file, then copy the OAuth settings file to your headless machine.

On the headless machine, set the following connection properties to connect to data:

• InitiateOAuth: Set this to REFRESH.
• OAuthClientId: (custom applications only) Set this to the client Id assigned when you registered your application.
• OAuthClientSecret: (custom applications only) Set this to the client secret assigned when you registered your application. This is optional if a secret was not generated during app registration.
• OAuthSettingsLocation: Set this to the location of the OAuth settings file you copied from the machine with the browser. Make sure this location gives read and write permissions to the server to enable the automatic refreshing of the access token.