Connect from Cursor

Server URLhttps://api.stockphotomcp.com/mcp
  1. 1

    Add the server

    Add the server to your project's .cursor/mcp.json (or the global MCP settings):

    {
      "mcpServers": {
        "stock-photos": {
          "url": "https://api.stockphotomcp.com/mcp"
        }
      }
    }
  2. 2

    Sign in

    The first time its agent reaches for the server, Cursor prompts you to sign in — approve with Google in the browser and it's connected, with no key to paste.

  3. 3

    Try it

    Its agent can then pull licensed-imagery options into a design task: search, compare the numbered contact sheet, and place a watermarked preview with its attribution and license link.

Headless, agents, and CI

Some clients have no browser to open, so the interactive sign-in can't run: a coding agent in a devcontainer, a CI job, a cron worker, a server-side script. An API key covers all of them. The server checks it as a bearer token on every request, with no sign-in step, so an agent connects on its own.

Mint a key in your dashboard (you'll see it once), then keep it in an environment variable named STOCK_PHOTO_MCP_KEY so the secret never lands in committed config.

For a repo an agent works in, commit a .mcp.json that reads the key from that variable. Every session in the project gets the tools with nothing to run:

{
  "mcpServers": {
    "stock-photos": {
      "type": "http",
      "url": "https://api.stockphotomcp.com/mcp",
      "headers": {
        "Authorization": "Bearer ${STOCK_PHOTO_MCP_KEY}"
      }
    }
  }
}

On a single machine, one command does it instead. The shell fills in the key from the same variable, and Claude Code stores the server in your config:

claude mcp add --transport http stock-photos https://api.stockphotomcp.com/mcp --header "Authorization: Bearer $STOCK_PHOTO_MCP_KEY"

The .mcp.json form keeps the token in the environment and out of the file, so it's safe to commit. Claude Code asks you to approve the workspace the first time it connects to a project .mcp.json. A raw Authorization: Bearer spm_your_api_key header works for any other client that lets you set one.