GiveRadar MCP Server

JSON-RPC 2.0 MCP 2024-11-05 4 tools Programmatic access to 8.7M+ verified charity profiles across 60+ countries.

This URL is the Model Context Protocol endpoint for AI agents and MCP-aware clients (Claude Desktop, custom orchestration, agent SDKs). It speaks JSON-RPC 2.0 over HTTP POST; a browser GET lands you here, on this explainer. There is no human UI - you want the charity search or the REST API documentation.

Endpoint

URL

https://giveradar.com/mcp/

Method

POST with Content-Type: application/json

Discovery

/.well-known/mcp.json and /.well-known/ai-plugin.json

Auth

None required for read-only methods (see Auth roadmap below).

Rate limit

60 tools/call/min/IP (enforced); ~60 req/min/IP general soft cap.

License

CC-BY-4.0 - please attribute "GiveRadar (giveradar.com)".

Methods

initialize - required MCP handshake
resources/list - paginated charity catalog (params: country ISO-3166-1 alpha-2, cursor, limit)
resources/read - full schema.org JSON-LD + FAQs for one charity (URI: gr://charity/<slug> or the canonical HTTPS URL)
tools/list - enumerate the 4 callable tools below
tools/call - invoke one of the tools
prompts/list - empty (no prompt templates)
ping, notifications/initialized - protocol bookkeeping

Tools

Beyond browsing, the server exposes 4 opinionated tools that operate on GiveRadar's curated charity data. These are what make this more than a REST API mirror - they encode the platform's integrity methodology and registry-aware identifier lookup.

search_charities(query, country?, limit?) - name search; returns slug+score+location.

compare_charities(slugs[2..5]) - side-by-side integrity, program/admin/fundraising ratios, verdict on strongest transparency signal.

find_similar(slug, limit?) - same country + category, ranked by integrity score.

verify_charity(country, id_value) - look up by official registry ID (EIN / Charity Number / RSIN / Ditjen AHU number / etc.).

Example: `initialize`

Every MCP session starts with initialize. The server returns its protocolVersion, capabilities, and a short instructions string.

Request

curl -s -X POST -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize",
       "params":{"protocolVersion":"2024-11-05",
                 "capabilities":{},
                 "clientInfo":{"name":"my-agent","version":"0.1"}}}' \
  https://giveradar.com/mcp/

Response (abbreviated)

{
  "jsonrpc": "2.0", "id": 1,
  "result": {
    "protocolVersion": "2024-11-05",
    "capabilities": {
      "resources": {"listChanged": false, "subscribe": false},
      "tools":     {"listChanged": false},
      "prompts":   {"listChanged": false}
    },
    "serverInfo": {"name": "giveradar-mcp", "version": "1.0.0"},
    "instructions": "GiveRadar exposes 8.7M+ charity profiles via MCP. Use `resources/list` with optional country filter (ISO 3166-1 alpha-2) to discover charities, then `resources/read` with a `gr://charity/<slug>` URI for full schema.org JSON-LD + FAQs. Sensitive fields gated on the website (email, phone, full officer names) are NOT exposed via this endpoint by design."
  }
}

The instructions field is what MCP-aware LLM clients actually read to decide WHEN to call this server vs. ignore it. Verbatim text above; no truncation.

Example: list Indonesian charities

curl -s -X POST -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"resources/list",
       "params":{"country":"ID","limit":5}}' \
  https://giveradar.com/mcp/

Example: read one charity (full schema + FAQs)

curl -s -X POST -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":3,"method":"resources/read",
       "params":{"uri":"gr://charity/yayasan-bumi-sehat-ds-pkr-nyuh-kuning"}}' \
  https://giveradar.com/mcp/

Example: compare two charities

curl -s -X POST -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":4,"method":"tools/call",
       "params":{"name":"compare_charities",
                 "arguments":{"slugs":["unicef","oxfam"]}}}' \
  https://giveradar.com/mcp/

Pagination semantics

resources/list uses opaque-but-stable cursor pagination. Order is alphabetical by slug within a country, so two consecutive calls on a stable dataset return non-overlapping pages. The limit parameter is clamped to 1..100 (default 50); requests asking for more get silently capped at 100. The cursor value is a slug - opaque from the client's perspective, but literally the last slug of the previous page. Iterate until nextCursor is absent from the response. If the dataset changes mid-iteration (new charity added with a slug in the already- paged range), the new row may be missed until the next full pass; this is the conventional cursor trade-off and acceptable for a read-only catalog.

Tiers and field gating

MCP mirrors the REST tiering so it is not a paid-API bypass. Authenticate with the same API keys as REST: Authorization: Bearer gr_xxxxx (or ?api_key=gr_xxxxx).

Tier	Daily quota	Fields included
Anonymous	50 / day / IP	Free (see below)
Free key	100 / day / key	Free
Pro key ($99/mo)	10,000 / day	Free + Pro
Enterprise	100,000 / day	Free + Pro

Quota counts billed methods (resources/list, resources/read, tools/call) at 1 unit each. initialize, ping, tools/list, prompts/list, notifications are free.

Free fields (all tiers, including anonymous)

name, slug, country, city, state, foundation_type, category, integrity_score, mission, description, founded year, FAQs, logo, website, social URLs (sameAs: Facebook/Instagram/LinkedIn/X/YouTube/Wikipedia), and all official registry identifiers (registration_number, EIN, UK Charity Number, Ditjen AHU number, RSIN, etc.).

Pro-only fields

annual_revenue, program_spend_pct, admin_spend_pct, fundraising_spend_pct, donation_url, annual_report_url. Anonymous and free responses include a pro_fields_omitted list plus an upgrade URL so clients can advertise the gap to the human.

Never exposed (regardless of tier)

Email addresses, phone numbers, full officer names and individual compensation. These are gated on the public HTML site for the same reason; MCP enforces the same gating.

Rate limiting (burst)

Two layers in addition to the daily-quota tiering above:

tools/call burst cap at 60 calls / minute / IP for anonymous callers (authenticated keys are bounded only by their daily quota). Returns JSON-RPC -32000 with a human-readable retry in Ns message when exceeded.
Everything else (resources/list, resources/read, initialize, ping) is bounded by the daily quota above plus the site-wide Cloudflare WAF (sustained >~60 req/min/IP returns HTTP 429 at the edge).

If you intend to mirror or do a bulk crawl, please email info@giveradar.com first - we will allow-list you and likely save you time by shipping a dump. Hard quotas + API-key-scoped MCP access will land alongside the OAuth 2.1 roadmap below.

Auth roadmap

MCP read methods are public and unauthenticated. The protocol has evolved twice since this server's pinned 2024-11-05 version: 2025-03-26 introduced OAuth 2.1 as the standard authentication transport, and 2025-11-25 is current at time of writing. We will upgrade the wire version when the broader client matrix (Claude Desktop releases, mcp-remote, the major agent SDKs) actually negotiates it - bumping the string without implementing the matching transport and auth semantics would be dishonest.

Until then, write operations remain on the REST surface with the existing Authorization: Bearer gr_xxxxx API-key scheme (REST docs).

Connect from Claude Desktop

The most reliable way to attach a remote MCP server today is the mcp-remote bridge, which works across every current Claude Desktop release regardless of which HTTP transport variant the local client supports. Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent on Windows / Linux:

{
  "mcpServers": {
    "giveradar": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://giveradar.com/mcp/"]
    }
  }
}

Restart Claude Desktop; "giveradar" will appear in the MCP server list. If your client already supports the Streamable HTTP transport natively, the direct configuration is also accepted:

{
  "mcpServers": {
    "giveradar": {
      "transport": "streamable-http",
      "url": "https://giveradar.com/mcp/"
    }
  }
}

Discovery files

Two manifests are published so clients on either side of the MCP / OpenAI-plugin lineage can auto-discover:

/.well-known/mcp.json - MCP-native manifest. Includes the method list, tool catalog, pagination semantics, rate-limit policy, auth roadmap, and a gated_fields_not_exposed hint.
/.well-known/ai-plugin.json - legacy OpenAI-style plugin manifest. Includes name_for_human, name_for_model, a detailed description_for_model telling LLMs WHEN to invoke this plugin (verify nonprofits, compare charities, look up registry IDs - Ditjen AHU for ID, EIN for US, etc.), and a pointer to our public OpenAPI YAML for the REST surface. Dual-publishing covers the older ChatGPT plugin ecosystem and the newer MCP discovery standard.

robots.txt

AI crawlers (GPTBot, ClaudeBot, PerplexityBot, Google-Extended) are explicitly Allow'd on the entire public site, and the MCP discovery files at /.well-known/mcp.json, /.well-known/ai-plugin.json, plus /mcp/ itself are listed as Allow targets. The MCP endpoint is the preferred path for structured machine consumption - agents that speak MCP should prefer it over HTML scraping.

Sensitive fields gated on the website (email, phone, full officer names) are NOT exposed via this endpoint by design. For full data access via REST with an API key, see the REST API docs.