Skip to main content
MCP Apps SDK 
import { App } from "@modelcontextprotocol/ext-apps";

Overview

openLink requests the host to open a URL in the user’s browser. Since MCP Apps run inside sandboxed iframes, they cannot navigate directly or open new windows. This method delegates link opening to the host, which can apply its own security policies (such as URL allowlists or user confirmation dialogs) before opening the link. The host may deny the request, in which case isError will be true in the response.

Signature

async openLink(
  params: { url: string },
  options?: RequestOptions,
): Promise<{ isError?: boolean }>

Parameters

params
object
required
The link parameters.
url
string
required
The URL to open. Must be a valid absolute URL (e.g., https://docs.example.com). The host may restrict which URL schemes and domains are allowed.
options
RequestOptions
Optional request configuration.
signal
AbortSignal
An AbortSignal to cancel the request.

Returns

result
object
isError
boolean
true if the host denied the link request (e.g., blocked URL scheme, user cancelled). When absent or false, the link was opened.

Usage

const { isError } = await app.openLink({
  url: "https://docs.example.com",
});
if (isError) {
  console.warn("Link request denied by host");
}

viewDocsButton.addEventListener("click", async () => {
  const { isError } = await app.openLink({
    url: "https://docs.example.com/getting-started",
  });
  if (isError) {
    showNotification("Unable to open link. Please copy the URL manually.");
  }
});

Open a dynamic URL

async function openUserProfile(userId: string) {
  await app.openLink({
    url: `https://app.example.com/users/${userId}`,
  });
}