WarmySender MCP Server — Connect Your AI to Cold Email, LinkedIn Outreach, and Warmup

Run WarmySender from Claude Desktop, Claude Code, Cursor, Windsurf, or Zed via the Model Context Protocol. Account safety stays enforced by our scheduler regardless of the caller.

What this is

WarmySender is a B2B outreach platform covering all four pillars of modern outreach: cold emailing, email warmup, LinkedIn outreach, and multichannel sequences. Our public MCP server lets any Model Context Protocol-compatible AI client drive your workspace with natural language.

Point a supported client (Claude Desktop, Claude Code, Cursor, Windsurf, Zed, and anything else that speaks MCP 2025-11 Streamable HTTP) at https://warmysender.com/mcp with a Bearer API key, and your assistant can list campaigns, enroll prospects, check mailbox and LinkedIn account health, pause or resume campaigns, and update suppression lists — all through the same safety-checked scheduler that our web UI uses.

Why connect your AI assistant?

Ask your assistant questions like:

Every action runs through the same scheduler-first path as the web UI. Rate limits, warmup ramps, LinkedIn daily/weekly caps, and domain-level protections all apply identically. MCP is a protocol adapter, not a parallel implementation.

Quick start in 3 steps

  1. Create an API key. In WarmySender, go to Settings → API Keys, click Create, and pick the scopes you want to expose. Available scopes are campaigns:read, campaigns:write, prospects:read, prospects:write, mailboxes:read, warmup:read, warmup:write, linkedin:read, linkedin:write, enrollments:write, suppressions:read, suppressions:write, and jobs:read. Save the key value — you'll only see it once.
  2. Paste the snippet into your client. Pick your AI client below, copy the install snippet, and replace ws_YOUR_API_KEY_HERE with your real key.
  3. Ask your assistant to use WarmySender. Try “List my campaigns” or “What's my LinkedIn account health?” — the client discovers MCP tools automatically.

Install snippets

Server URL: https://warmysender.com/mcp. Transport: Streamable HTTP (MCP spec 2025-11-25). Replace ws_YOUR_API_KEY_HERE with your API key.

Claude Desktop

Paste into your claude_desktop_config.json. File: claude_desktop_config.json.

{
  "mcpServers": {
    "warmysender": {
      "command": "npx",
      "args": [
        "-y",
        "@warmysender/mcp",
        "--api-key=ws_YOUR_API_KEY_HERE"
      ]
    }
  }
}

Claude Code

Run this CLI command once to register the server.

claude mcp add warmysender -- npx -y @warmysender/mcp --api-key=ws_YOUR_API_KEY_HERE

Cursor

Paste into .cursor/mcp.json at your project root. Cursor speaks streamable-http natively — no launcher needed. File: .cursor/mcp.json.

{
  "mcpServers": {
    "warmysender": {
      "url": "https://warmysender.com/mcp",
      "headers": {
        "Authorization": "Bearer ws_YOUR_API_KEY_HERE"
      }
    }
  }
}

Windsurf

Paste into ~/.codeium/windsurf/mcp_config.json. File: mcp_config.json.

{
  "mcpServers": {
    "warmysender": {
      "serverUrl": "https://warmysender.com/mcp",
      "headers": {
        "Authorization": "Bearer ws_YOUR_API_KEY_HERE"
      }
    }
  }
}

Zed

Add to your Zed settings.json under context_servers. File: settings.json.

{
  "context_servers": {
    "warmysender": {
      "command": {
        "path": "npx",
        "args": [
          "-y",
          "@warmysender/mcp",
          "--api-key=ws_YOUR_API_KEY_HERE"
        ]
      }
    }
  }
}

Available tools

MCP tools are gated by the scopes on your API key. If a call returns insufficient_scope, add the missing scope in Settings → API Keys and create a new key. Every write tool accepts an optional idempotency_key argument so retries are safe. Destructive tools (pause_*, unenroll_*, add_to_suppression_list) set destructiveHint: true so MCP clients prompt the user for confirmation before calling.

Read tools

Query workspace state without side effects. Safe for LLMs to call freely. All tools are workspace-scoped — your key only sees data from its own workspace.

Rate limit: 120 calls / minute / workspace

Tool Description Required scopes
list_campaigns List email campaigns, optionally filtered by status. Cursor-paginated. campaigns:read
get_campaign Fetch a single campaign with full step definitions, pacing config, and stats. campaigns:read
list_prospects List prospects in the workspace, with filters for status, list membership, and campaign enrollment. prospects:read
get_prospect Fetch a single prospect with history, custom fields, and enrollment state. prospects:read
list_mailboxes List connected email mailboxes with provider, warmup status, and daily pacing. mailboxes:read
get_mailbox_health Return per-mailbox health: deliverability, warmup score, bounce rate, recent issues. mailboxes:read
get_warmup_stats Warmup performance metrics: inbox placement, spam rescue events, ramp progress. warmup:read
list_linkedin_accounts List connected LinkedIn accounts with seat assignment, ramp stage, and proxy location. linkedin:read
get_linkedin_account_health LinkedIn account health: restriction status, acceptance rate, remaining daily/weekly budgets. linkedin:read
list_linkedin_campaigns List LinkedIn campaigns, optionally filtered by status. linkedin:read
get_linkedin_campaign_stats LinkedIn campaign performance: invites sent, accepted, messages, replies — per-step breakdown. linkedin:read
list_suppressions List workspace suppression entries (emails, domains, LinkedIn profiles) with reason and source. suppressions:read
get_job_status Check the status of an asynchronous job (bulk prospect import, audience enrichment, etc). jobs:read
get_workspace_info Smoke-test tool. Returns workspace ID, plan, active scopes on the current key, and server time. No scope required. (none)

Write tools — email & prospects

Modify email campaigns, prospects, and suppressions. All writes are idempotent when an optional idempotency_key is passed. Destructive tools (pause, archive, unenroll) set destructiveHint so MCP clients prompt the user for confirmation first.

Rate limit: 30 calls / minute / workspace (bulk tools: 5 / minute)

Tool Description Required scopes
create_prospect Create a single prospect with email, name, company, LinkedIn URL, and custom fields. prospects:write
update_prospect Update an existing prospect. Only provided fields are changed; others are preserved. prospects:write
bulk_create_prospects Create up to 1,000 prospects at once. Returns a job id; poll with get_job_status. prospects:write
create_campaign Create a new email campaign with sequence steps, sending windows, and mailbox rotation config. campaigns:write
update_campaign Update an existing campaign. Cannot edit a running campaign's steps; pause first. campaigns:write
start_campaign Transition a draft or paused campaign to running. Scheduler takes over from here. campaigns:write
pause_campaign Pause a running campaign. In-flight emails complete; no new sends. Destructive hint = true. campaigns:write
resume_campaign Resume a paused campaign. Respects remaining daily/mailbox quota. campaigns:write
enroll_prospects Add prospects to a campaign. Dedupes against existing enrollments and workspace suppression list. enrollments:write
unenroll_prospects Remove prospects from a campaign. Destructive hint = true. enrollments:write
add_to_suppression_list Add an email, domain, or LinkedIn profile to the workspace suppression list. Stops all future sends. suppressions:write

Write tools — LinkedIn & warmup

Safety-critical actions. LinkedIn tools NEVER call Unipile send / invite / message / view paths directly — they only touch scheduler entry points (pause, resume, enroll). The scheduler enforces all daily, weekly, and ramp-schedule limits. MCP CANNOT bypass account safety. Connecting and disconnecting accounts stays in the UI.

Rate limit: LinkedIn writes: 10 calls / minute / workspace. Warmup writes: 30 / minute.

Tool Description Required scopes
pause_linkedin_campaign Pause a running LinkedIn campaign. Destructive hint = true. linkedin:write + campaigns:write
resume_linkedin_campaign Resume a paused LinkedIn campaign. Scheduler re-checks account health before resuming. linkedin:write + campaigns:write
enroll_in_linkedin_campaign Enroll LinkedIn profile URLs into a campaign. Scheduler handles invite pacing and ramp. linkedin:write + campaigns:write
update_warmup_settings Update per-mailbox warmup settings: daily volume, ramp mode, spam rescue toggle, [ref: XXXX] tag (preserved). warmup:write
bulk_update_warmup Update warmup settings across multiple mailboxes at once. Returns a job id. warmup:write

Safety & account protection

WarmySender's MCP server is designed so that a compromised or confused AI cannot burn your sending reputation or ban your LinkedIn accounts. Five guardrails always apply:

  1. Workspace scoping on every call. Your API key resolves to exactly one workspace. Every query is filtered by that workspace id — there is no path to read or mutate another tenant's data.
  2. Scheduler-first execution. LinkedIn invite/message/view calls never happen inline from MCP. The scheduler owns the rate limits, ramp schedule, and per-account safety caps. Enrolling 1,000 prospects at once still sends at the safe rate.
  3. LinkedIn daily/weekly limits & 4-week ramp are non-negotiable. A new account starts at ~10 invites/day and grows over 4 weeks to safe maximums (50 invites/day, 150 messages/day). MCP cannot raise these — account safety always wins over speed.
  4. Per-mailbox sending pacer and warmup [ref: XXXX] tag stay intact. MCP does not expose any tool that modifies or removes the warmup subject-line identifier or bypasses per-mailbox daily caps.
  5. No account connect / disconnect / delete tools. Connecting and disconnecting email or LinkedIn accounts stays in the UI. No delete_campaign, delete_mailbox, or delete_account tools exist in V1 — soft-cancel via pause/archive only.

Read more about the LinkedIn safety model in our LinkedIn Safety FAQ.

Rate limits

Limits are per-workspace, sliding 60-second window, backed by Upstash Redis. These are in addition to — not replacing — the scheduler's hard LinkedIn/Unipile caps.

Tool category Budget (calls / minute) Typical tools
Read 120 list_*, get_*
Write (non-LinkedIn) 30 create_campaign, update_prospect, pause_campaign, resume_campaign, add_to_suppression_list
LinkedIn writes 10 pause_linkedin_campaign, resume_linkedin_campaign, enroll_in_linkedin_campaign
Bulk 5 bulk_create_prospects, bulk_update_warmup

Exceeding a budget returns a rate_limited error with a retry_after_seconds field so your assistant knows when to retry.

Error codes

MCP tools use JSON-RPC error codes. The WarmySender server reserves the -32000…-32099 range for protocol-specific errors on top of the standard JSON-RPC codes.

Code Name Meaning
-32001 insufficient_scope The tool requires a scope your API key doesn't have. error.data.missing lists the missing scopes.
-32002 rate_limited Per-workspace per-minute budget exceeded. error.data.retry_after_seconds tells you when to retry.
-32003 idempotency_conflict The same idempotency_key was reused with different arguments. Change the key or the args.
-32004 unauthorized Bearer token missing, invalid, revoked, or the session expired.
-32602 invalid_params Tool arguments failed Zod validation. error.data.issues shows which fields failed and why.
-32603 internal_error Anything else thrown by the handler. Stack trace is in server logs; the response includes a request_id to quote in support.

Frequently asked questions

Which MCP clients work with WarmySender?

Anything that speaks the Model Context Protocol 2025-11 Streamable HTTP spec. We've tested Claude Desktop, Claude Code, Cursor, Windsurf, and Zed. Continue, Cline, Goose, and other MCP clients should also work — just point them at https://warmysender.com/mcp with your Bearer token. Older stdio-only clients (early Claude Desktop builds) can use the npx mcp-remote bridge shown in the snippets above.

Is there an OAuth option instead of an API key?

Not yet. V1 uses Bearer authentication with WarmySender API keys (the same ws_ keys you use for our REST API). OAuth 2.1 + Client ID Metadata Documents — the MCP spec's recommended flow — is on the roadmap. API keys ship today with zero new infrastructure and cover the same scopes.

Can I expose this to other AI tools — ChatGPT, Gemini, custom agents?

Yes. MCP is a transport-neutral protocol. Any client that implements Streamable HTTP with Bearer auth can connect. For bespoke integrations, use the official @modelcontextprotocol/sdk in Node/Python and pass the Authorization header in each request.

Does connecting via MCP cost anything extra?

No. MCP usage is included in all paid plans (Pro, Business, Enterprise, and the Starter legacy plan). The only cost is the subscription you're already paying. LinkedIn add-on seats ($9/seat/month) still apply if you call LinkedIn tools.

How do I revoke access?

Revoke the API key in Settings > API Keys. Revocation is instant; the next MCP call from any client using that key gets an unauthorized error. You can also narrow the scopes on a key to tighten what the AI can do without fully revoking access.

Can the AI accidentally ban my LinkedIn account or burn my sending reputation?

No. Every LinkedIn action routes through our scheduler, which enforces Unipile/LinkedIn per-account daily and weekly limits plus the 4-week ramp schedule. Every email send respects the per-mailbox pacer, domain caps, and warmup ramp. MCP cannot bypass any of these — if your AI asks to enroll 500 prospects at once, the scheduler still sends at the safe rate. Connecting and disconnecting accounts stays in the UI for the same reason.