What is the Huhu MCP server?

A Model Context Protocol (MCP) server that lets AI assistants like Claude, Claude Desktop and Cursor call Huhu's phone number spam detection API directly. Same data as the REST API: Hiya, Truecaller and Orange combined.

How do I connect Claude Desktop to Huhu MCP?

Two options: (1) In Claude.ai web, add a Custom Connector with URL https://num.huhu.fr/mcp and leave Client ID and Secret empty — Huhu uses OAuth 2.1 Dynamic Client Registration. You'll approve access once and you're connected. (2) For Claude Desktop or custom agents, paste your Huhu API key from https://num.huhu.fr/app/api-dashboard as a Bearer token.

Does Huhu MCP support OAuth?

Yes. Full OAuth 2.1 with Dynamic Client Registration (RFC 7591), PKCE (RFC 7636) and Protected Resource Metadata (RFC 9728). Compatible with Claude.ai Custom Connectors out of the box — leave the Client ID and Secret fields empty and Claude auto-registers.

How much does it cost to use the Huhu MCP server?

The MCP server itself is free. Phone number verifications consume credits from your Huhu account (1 credit per number). Reading balance and history is free.

What tools are exposed by the Huhu MCP server?

Four tools: verify_number (single E.164 phone number), verify_bulk (up to 100 numbers per call), get_balance (credit balance and plan) and get_history (recent verifications).

MODEL CONTEXT PROTOCOLv1.0

HUHU MCP

Q: Which AI clients work with Huhu MCP?

Any client supporting MCP Streamable HTTP transport: Claude Desktop, Claude.ai web (Custom Connectors), Cursor, Cline, Continue, Zed and any LLM agent using the @modelcontextprotocol/sdk.

Plug Claude Desktop, Claude.ai, Cursor and any MCP-compatible AI agent straight into HUHU's phone spam database. One URL, your API key, and your AI can verify numbers, read your balance and browse history — without leaving the chat.

Get my API key →60s quickstart

Why MCP?

⚡

ZERO PLUMBING

No wrapper, no glue code. AIs call MCP tools directly. One URL, one token, live in Claude Desktop in 30 seconds.

🔌

MULTI-CLIENT

Open MCP 2025 standard. Claude Desktop, Claude.ai web (Custom Connectors), Cursor, Cline, Continue, Zed — one server for all of them.

🔒

SAME API, SAME SECURITY

Wraps the same documented REST API. Same rate limits, same credits, same guarantees. Bearer authentication with your existing API key.

Connect in 60 seconds

Pick your AI client. Paste the config. Done.

SERVER URL

https://num.huhu.fr/mcp

TRANSPORT

Streamable HTTP

AUTH

Bearer <API key>

Generate my API key →

1. Claude Desktop

Add this block to your Claude Desktop config file: ~/Library/Application Support/Claude/claude_desktop_config.json

json

{
  "mcpServers": {
    "huhu-spam-check": {
      "transport": "streamable-http",
      "url": "https://num.huhu.fr/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_HUHU_API_KEY"
      }
    }
  }
}

2. Claude.ai (Web) — Custom Connectors

In Claude.ai → Settings → Custom Connectors → Add MCP Server:

config

Server name:      huhu-spam-check
Server URL:       https://num.huhu.fr/mcp
Transport:        Streamable HTTP
Authentication:   Bearer token
Token:            YOUR_HUHU_API_KEY

3. Cursor / Cline / Continue

Add to your Cursor MCP config file: .cursor/mcp.json

json

{
  "mcpServers": {
    "huhu-spam-check": {
      "url": "https://num.huhu.fr/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_HUHU_API_KEY"
      }
    }
  }
}

NEW · 2026

OAuth 2.1 — For Claude.ai & advanced agents

No need to share your API key. Sign in with your HUHU account like any modern app.

DANS CLAUDE.AI / CUSTOM CONNECTORS

Server URL

https://num.huhu.fr/mcp

OAuth Client ID

(leave empty)DCR auto · no secret needed

OAuth Client Secret

(leave empty)DCR auto · no secret needed

How it works

1Claude.ai performs Dynamic Client Registration at /oauth/register — gets an ephemeral client_id
2You're redirected to our consent page (brutalist huhu style) listing the requested scopes
3You click Authorize → we mint an OAuth code with PKCE S256
4Claude exchanges the code for an access token (your HUHU API key, 1-year lifetime)
5Claude calls /mcp with this Bearer for every tool — verify_number, verify_bulk, etc.

OAuth endpoints

GET /.well-known/oauth-authorization-server
GET /.well-known/oauth-protected-resource
POST /oauth/register (DCR)
GET /oauth/authorize
POST /oauth/token

Revocation

To revoke access, regenerate your API key on the dashboard. All associated OAuth sessions are invalidated immediately.

→ Dashboard clés API

Exposed tools

Four tools, all documented so AIs use them correctly.

verify_number1 credit

Check whether a phone number is flagged as spam, robocall, scam or fraud. Combined signal from Hiya + Truecaller + Orange. Returns score 0-100, spam type, carrier. Consumes 1 credit.

ARGUMENTS

{ phoneNumber: string (E.164) }

EXAMPLE

"+33612345678"

verify_bulk1 credit / number

Run spam checks on up to 100 phone numbers in a single request. Returns an array with one result per number. Consumes 1 credit per number.

ARGUMENTS

{ phoneNumbers: string[], stopOnError?: boolean }

EXAMPLE

["+33612345678", "+14155552671"]

get_balanceFREE

Returns the user's credit balance and active plan. Free — useful before a large verify_bulk.

ARGUMENTS

{}

EXAMPLE

—

get_historyFREE

List the user's recent verifications, most recent first. Free. Filterable by phone number.

ARGUMENTS

{ page?: number, limit?: number, phoneNumber?: string }

EXAMPLE

{ "limit": 10 }

Raw protocol (HTTP)

For agents speaking MCP directly, without an SDK.

1. Initialize — JSON-RPC 2.0 handshake

curl

curl -X POST https://num.huhu.fr/mcp \
  -H "Authorization: Bearer YOUR_HUHU_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
      "protocolVersion": "2025-06-18",
      "capabilities": {},
      "clientInfo": { "name": "test-client", "version": "1.0" }
    }
  }'

2. List available tools

curl

curl -X POST https://num.huhu.fr/mcp \
  -H "Authorization: Bearer YOUR_HUHU_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/list" }'

3. Call verify_number

curl

curl -X POST https://num.huhu.fr/mcp \
  -H "Authorization: Bearer YOUR_HUHU_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tools/call",
    "params": {
      "name": "verify_number",
      "arguments": { "phoneNumber": "+33612345678" }
    }
  }'

4. With the official MCP SDK (TypeScript / Node)

typescript

import { Client } from '@modelcontextprotocol/sdk/client/index.js';
import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';

const transport = new StreamableHTTPClientTransport(new URL('https://num.huhu.fr/mcp'), {
  requestInit: {
    headers: { 'Authorization': 'Bearer ' + process.env.HUHU_API_KEY }
  }
});

const client = new Client({ name: 'my-agent', version: '1.0' }, { capabilities: {} });
await client.connect(transport);

const tools = await client.listTools();
console.log(tools);

const result = await client.callTool({
  name: 'verify_number',
  arguments: { phoneNumber: '+33612345678' }
});
console.log(result.content);

Discovery manifest

AI agents can auto-configure the server by reading this public manifest:

GET https://num.huhu.fr/.well-known/mcp.json

Rate limits & security

RATE LIMITS

• 300 requêtes / minute par clé API
• Pas de rate limit séparé sur /mcp (hérité de /api)
• HTTP 429 si dépassement, retry après ~60s

AUTHENTICATION

• OAuth 2.1 + DCR + PKCE — Claude.ai, Claude Desktop
• Bearer token (votre clé API) — agents custom
• JWT supporté (sessions dashboard)
• Révocation : régénérez votre clé API sur le dashboard

FAQ

What is MCP exactly?

Model Context Protocol — an open standard launched by Anthropic in 2024 that lets AIs (Claude, etc.) safely call external tools in a structured way. It's the official layer between an AI and your APIs.

How much does it cost?

The MCP server is free. Phone number verifications consume your usual HUHU credits (1 credit / number). Reading balance and history is free.

Which AI clients work with it?

Any client supporting the Streamable HTTP transport: Claude Desktop, Claude.ai (Custom Connectors), Cursor, Cline, Continue, Zed, and any custom agent based on @modelcontextprotocol/sdk.

How is it different from the REST API?

It isn't — it's the exact same API, exposed through MCP instead of REST. Same data, same credits, same rate limits. The MCP server is an official wrapper for AIs.

OAuth?

Yes — full OAuth 2.1 with Dynamic Client Registration (RFC 7591) and PKCE (RFC 7636). In Claude.ai, leave the Client ID and Secret fields empty: Claude handles DCR automatically. You approve access once on our consent page and you're connected. Simple Bearer token still supported for custom agents.

Hook your AI up in 60 seconds

Grab your HUHU API key, paste the config into Claude Desktop, and your AIs can now detect spam phone numbers in real time.

Get my API key →