BrowserStack Advanced
BrowserStack Advanced is a QuilrAI-built MCP for BrowserStack account discovery, browser and device inventories, Automate and App Automate sessions, diagnostic data, app uploads, and Test Management workflows. It uses a BrowserStack username and access key instead of an OAuth Client ID and Client Secret.
Use this guide when you add BrowserStack Advanced from the MCP library or register its hosted transport URL manually.
What This MCP Can Do
The MCP provides 48 tools. It favors native BrowserStack bulk endpoints when available and otherwise runs bounded batches with ordered, per-item outcomes.
The hosted MCP does not run BrowserStack Local tunnels or access files and processes on a user's computer. Local Testing requires an agent-side BrowserStack Local process and is intentionally outside this remote MCP.
Before You Start
You need:
- A BrowserStack account with access to the products you plan to use.
- The BrowserStack Username and Access Key from account settings.
- Permission to store those credentials in QuilrAI.
For a company-wide integration, use a BrowserStack service account where your plan supports it. This avoids tying the shared MCP connection to an employee's personal access key.
Get The BrowserStack Credentials
- Sign in to BrowserStack.
- Open Account > Settings.
- Find the account credentials or Local Testing credentials section.
- Copy both Username and Access Key.
The username may not be the account email address. Use the exact BrowserStack username shown next to the access key.
Credential Format
Enter the username and access key as one value separated by a colon:
YOUR_BROWSERSTACK_USERNAME:YOUR_BROWSERSTACK_ACCESS_KEY
For example:
company_service_user_abc123:replace-with-access-key
Do not add spaces, quotes, Basic, or Bearer to the value.
You do not need to Base64-encode this value. BrowserStack Advanced accepts the raw username:access-key value, separates the two fields, and constructs BrowserStack HTTP Basic authentication inside the MCP.
The MCP also accepts Base64-encoded username:access-key for clients that cannot safely submit a colon in a credential field. Base64 is encoding, not encryption, and must still be handled as a secret.
Optional Base64 compatibility format
On macOS or Linux:
printf '%s' 'YOUR_BROWSERSTACK_USERNAME:YOUR_BROWSERSTACK_ACCESS_KEY' | base64 | tr -d '\n'
On PowerShell:
[Convert]::ToBase64String(
[Text.Encoding]::UTF8.GetBytes(
"YOUR_BROWSERSTACK_USERNAME:YOUR_BROWSERSTACK_ACCESS_KEY"
)
)
Paste only the encoded output into the Upstream API Key field. Do not set a value prefix.
Register BrowserStack Advanced
If BrowserStack Advanced is already present in the MCP library, install it from there. To register it manually:
- In QuilrAI, open MCP Gateway and click Add MCP.
- Enter these values:
If Auto-detect identifies an upstream API key, continue with the detected option.
- On the upstream credential screen, configure:
- Click Create.
- Confirm that QuilrAI can list the BrowserStack tools.
- Enable read-only tools first. Enable write and destructive tools only for approved users and agents.
The Bearer token selection describes how the gateway securely transports the composite secret to the hosted MCP. The MCP then converts it to the HTTP Basic authentication format required by BrowserStack. Do not enter Basic or Bearer in Value prefix.
Choose Credential Ownership
For Admin shared, prefer a BrowserStack service account scoped to the required team or organization. Limit access in both BrowserStack and QuilrAI.
Verify The Connection
Start with a read-only capability request:
Using BrowserStack Advanced, show the BrowserStack products and capabilities
available to this account. This is strictly read-only.
Then verify environment discovery:
Using BrowserStack Advanced, list five available desktop browser environments
and five real mobile devices. Do not start a session or change anything.
To verify batch reads:
Using BrowserStack Advanced, retrieve details for these BrowserStack session IDs
in one batch. Preserve the input order and report per-session errors. This is
read-only: <session-id-1>, <session-id-2>.
Use It Effectively
- Prefer batch and bulk tools for multiple builds, sessions, cases, runs, or results.
- Use account capability discovery before requesting a product-specific operation.
- Use the session diagnostic brief for a bounded summary of metadata, logs, and failure context.
- Keep destructive tools disabled unless the workflow explicitly needs deletion or archival.
- Require user confirmation before deleting builds, sessions, test runs, or test cases.
- Use HTTPS URLs for app uploads. The hosted MCP cannot upload a file from a user's local disk.
- Expect product and plan permissions to affect which tools succeed even when the credential is valid.
Troubleshooting
Rotate The Access Key
Rotating a BrowserStack access key invalidates the old credential.
- Rotate or reset the access key in BrowserStack.
- Update the composite upstream credential in QuilrAI using the same username and new key.
- Re-run the read-only capability test.
- Remove any old encoded copies from local notes, shell history, or secret stores.
If a credential appears in a screenshot, chat, ticket, or repository, rotate it immediately.