Connect generates everything an agent needs to use a latch, for the latch you select. You should never be pasting a token into a config file by hand.
What it gives you
- MCP configuration for Claude Code, Claude Desktop, Cursor, and OpenClaw, with the file path each one wants.
- Environment variables:
LATCH_URL,LATCH_TOKEN. - An agent prompt describing what this specific latch can do: its methods, its endpoints, its rate limits, its mounts, its budget. Drop it into the agent's instructions and it will stop guessing.
- A capability preview: what the agent will and will not be able to do.
- A test console to exercise the latch before you hand it over.
The three tools an agent gets
Over MCP, a Latch-connected agent has:
| Tool | What it does |
|---|---|
latch_capabilities |
"What am I allowed to do?" Returns this latch's scope. |
latch_authorize |
"Would this request be allowed?" A decision, with no call made. |
latch_proxy |
Actually make the call. |
latch_capabilities is the one that changes agent behaviour. An agent that can ask
what it is permitted to do will stop attempting things it cannot do, which turns a
wall of denials into a short list of options.
Without MCP
Any HTTP client works. Set the base URL to https://onlatch.com/proxy and the bearer
token to the lat_… token. Most SDKs let you override the base URL, which is the
entire integration:
client = OpenAI(
api_key="lat_9f3c…", # the latch, not your OpenAI key
base_url="https://onlatch.com/proxy",
)
The well-behaved agent never knows Latch is there. It just has less power than it thinks.
Related
- Proxy API: the full contract.
- The pipeline: what the agent's requests are evaluated against.