Quick start (no technical setup)
If your company uses Claude, connecting Hashrights takes about two minutes:
- In Hashrights, go to Account Settings → API & AI access → Create key and copy your key (it starts with
hr_live_). - Using Claude Code? Paste this one command into the terminal, with your key filled in:
claude mcp add hashrights --env HASHRIGHTS_API_KEY=hr_live_... -- npx -y @hashrights/mcp - Using Claude Desktop or Cowork? Open Settings → Connectors (or Developer) and add the snippet from the “Connect your AI client” section below — or simply paste this whole page into Claude and ask it to walk you through setup.
- Then just talk: “Here's my spreadsheet of sold accounts — set up my collections in Hashrights.”
Using Claude on the web (claude.ai)? A hosted connector is on our roadmap — for now, setup runs through Claude Code, Claude Desktop, or Cowork.
1. Get an API key
In the app, go to Account Settings → API & AI access → Create key. The full key (hr_live_…) is shown exactly once — copy it immediately. Keys are account-scoped, act as an account admin over the API, and can be revoked at any time. Only owners and admins can manage keys.
2. Connect your AI client
Claude Desktop — add to claude_desktop_config.json:
{
"mcpServers": {
"hashrights": {
"command": "npx",
"args": ["-y", "@hashrights/mcp"],
"env": { "HASHRIGHTS_API_KEY": "hr_live_..." }
}
}
}Claude Code — one command:
claude mcp add hashrights --env HASHRIGHTS_API_KEY=hr_live_... -- npx -y @hashrights/mcp3. Talk to it
Example prompts once connected:
- “Here's a CSV export from Salesforce — create a collection called Q3 Enterprise Dataset and mark every closed-won account as already sold.”
- “Which of these 200 companies are already in the Hashrights registry?”
- “Create draft collections for each product line in this spreadsheet, then publish them.”
- “What's waiting in my clearance queue?”
Running a Salesforce or Google Drive MCP server alongside works naturally — the AI reads from your source system and writes to Hashrights in the same conversation.
Tools
get_started— the recommended ingestion workflow.list_collections— collections with status and ledger buyer counts.create_collections— batch create/update. Passexternal_id(your CRM record id) to make re-runs idempotent; optionally attachcustomer_domainsto mark buyers sold in the same call.publish_collection— make a draft visible to invited partners.resolve_companies— batch-match names/domains against the global registry (messy URLs and emails are normalized server-side). Returns matched / ambiguous / missing.add_companies— register companies the registry is missing.mark_buyers_sold— append buyers to a collection's ledger (blocks partner requests; cannot be undone).list_opportunities/browse_partner_marketplace— read-only workflow visibility. Approvals and closes stay in the app.
Raw HTTP API
The same endpoints work without MCP for scripts and integrations:
Base URL: https://knyzxlyayuxcpgxplpbv.supabase.co/functions/v1
Header: Authorization: Bearer hr_live_...
Method: POST (JSON bodies)POST /collections-create
{
"collections": [{
"name": "Q3 Enterprise Dataset",
"description": "optional",
"external_id": "crm_12345",
"publish": true,
"customer_domains": ["acme.com", "https://www.globex.co/about"]
}]
}Up to 20 collections per call, 500 domains each. Domains are normalized and hashed server-side. Re-running with the same external_id returns the existing collection. Unmatched domains are reported back — they are never auto-added to the registry.
POST /customers-resolve
{ "companies": [{ "name": "Acme Corp", "domain": "acme.com" }] }Up to 200 per call. Each result is matched, ambiguous (with candidates), missing, or invalid.
POST /customers-create
{ "companies": [{ "name": "NewCo", "domain": "newco.io", "country": "US" }] }Up to 500 per call. Existing domains return as `existing` — never duplicated.
POST /collection-ledger-add
{ "collection_id": "uuid", "customer_ids": ["uuid", "uuid"] }Up to 500 ids per call. Append-only.
POST /collections-list
{ "status": "published", "external_id": "crm_12345", "name_query": "enterprise" }Security notes
- Keys are stored hashed; the full value is only shown at creation.
- Revoking a key takes effect immediately.
- Customer-list privacy is unchanged: the API exposes the same redacted views as the app.