Quickstart
Use REST when you are building an app. Use MCP when you are connecting an agent. This quickstart creates the first CRM contact in your Slab5 personal workspace and verifies that the same workspace, scope, audit, and usage model applies.
Before you start
You need three things:
- A Slab5 account.
- A personal workspace, created automatically when the control plane is first opened.
- A terminal that can run
curl.
The personal workspace is isolated from other workspaces. It should have product modules enabled and enough testing quota for first API and MCP calls.
1. Open your personal workspace
After account creation, Slab5 should land you in a personal workspace. The workspace should show:
- Workspace name and slug.
- API base URL.
- MCP endpoint.
- Credential creation controls.
- Links to audit logs and usage.
Use the endpoints shown in your workspace. Hosted Slab5 workspaces use this shape:
API base URL: https://api.slab5.com/v1
MCP endpoint: https://mcp.slab5.com/v12. Create credentials
Create two credentials in the personal workspace:
- A workspace API key for REST.
- A workspace MCP token for agent clients.
For the first workflow, use these scopes:
crm:read
crm:write
tasks:write
activity:writeStore the raw secrets only in your shell, local secret manager, or an uncommitted local env file. Slab5 shows the full secret once.
3. Export endpoints and secrets
In your terminal, export the personal workspace values:
export SLAB5_API_BASE_URL=https://api.slab5.com/v1
export SLAB5_MCP_URL=https://mcp.slab5.com/v1
export SLAB5_WORKSPACE_API_KEY=slab5_personal_workspace_api_key
export SLAB5_WORKSPACE_MCP_TOKEN=slab5_personal_workspace_mcp_tokenUse the API key for REST calls and the MCP token for MCP calls.
4. Make the first REST call
Check that the API key resolves to your personal workspace:
curl "$SLAB5_API_BASE_URL/workspace" \
-H "Authorization: Bearer $SLAB5_WORKSPACE_API_KEY"Then create the first CRM contact:
curl -X POST "$SLAB5_API_BASE_URL/contacts" \
-H "Authorization: Bearer $SLAB5_WORKSPACE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Jane Doe",
"email": "jane@acme.com",
"company_name": "Acme Corp",
"idempotency_key": "contact_jane_doe_acme"
}'Expected response shape:
{
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"data": {
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"id": : var(--shiki-token-string)">"contact_uuid",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"name": : var(--shiki-token-string)">"Jane Doe",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"email": : var(--shiki-token-string)">"jane@acme.com",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"company_name": : var(--shiki-token-string)">"Acme Corp",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"source": : var(--shiki-token-string)">"api"
},
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"request_id": : var(--shiki-token-string)">"req_123"
}Write requests should include an idempotency_key so retries do not create duplicate records.
5. Make the first MCP call
List available tools through the MCP JSON-RPC route:
curl -X POST "$SLAB5_MCP_URL" \
-H "Authorization: Bearer $SLAB5_WORKSPACE_MCP_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": "tools-1",
"method": "tools/list"
}'The response should include tools such as create_contact, search_contacts, create_task, log_activity, and get_workspace_summary.
Create the same contact through MCP:
curl -X POST "$SLAB5_MCP_URL" \
-H "Authorization: Bearer $SLAB5_WORKSPACE_MCP_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": "contact-1",
"method": "tools/call",
"params": {
"name": "create_contact",
"arguments": {
"name": "Jane Doe",
"email": "jane@acme.com",
"company_name": "Acme Corp",
"idempotency_key": "mcp_contact_jane_doe_acme"
}
}
}'Expected response shape:
{
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"jsonrpc": : var(--shiki-token-string)">": var(--shiki-token-constant)">2.: var(--shiki-token-constant)">0",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"id": : var(--shiki-token-string)">"contact-: var(--shiki-token-constant)">1",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"result": {
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"structuredContent": {
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"status": : var(--shiki-token-string)">"executed",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"tool": : var(--shiki-token-string)">"create_contact",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"request_id": : var(--shiki-token-string)">"req_456",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"contact": {
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"id": : var(--shiki-token-string)">"contact_uuid",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"name": : var(--shiki-token-string)">"Jane Doe",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"email": : var(--shiki-token-string)">"jane@acme.com"
}
}
},
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"request_id": : var(--shiki-token-string)">"req_456"
}Every write response includes a request_id so the action can be correlated with logs, audit events, and usage events.
6. Verify audit and usage
After the REST and MCP calls, the workspace should contain:
- CRM contacts named
Jane Doe. - Audit events for
contact.createdwith request IDs. - Usage events for the REST API request and MCP tool call.
If a scope is missing, Slab5 returns a structured error:
{
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"error": {
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"code": : var(--shiki-token-string)">"missing_required_scope",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"message": : var(--shiki-token-string)">"This token needs crm:write to call create_contact.",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"required_scope": : var(--shiki-token-string)">"crm:write",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"request_id": : var(--shiki-token-string)">"req_123",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"docs_url": : var(--shiki-token-string)">"https://docs.slab5.com/errors/missing_required_scope"
}
}What comes next
- Read Personal workspace lifecycle to understand default workspaces, credentials, audit, usage, billing-gated workspace creation, and promotion.
- Read Connect an agent for client-specific MCP setup.
- Browse MCP tools to see schemas, scopes, examples, and API equivalents.
- Browse API reference for the REST contract.
- Review Request correlation before wiring support or observability flows.
- Review Idempotency and retries before implementing write retries.
- Review Errors before implementing retries or support flows.