Create an OAuth2 application in Help Scout under Your Profile > My Apps; use the client credentials flow (POST to https://api.helpscout.net/v2/tokens with grant_type=client_credentials) to obtain a Bearer token.
Create a conversation by POSTing to https://api.helpscout.net/v2/conversations with Authorization: Bearer {token} and a JSON body specifying mailboxId, subject, customer (email), type (email or chat), and at least one thread (message).
Retrieve conversations by GETting https://api.helpscout.net/v2/conversations with filter parameters; responses are paginated using page and size query parameters.
Register a webhook in Help Scout under Manage > Apps > Webhooks or via the API (POST https://api.helpscout.net/v2/webhooks) specifying the callback URL, secret key, and the event types to subscribe to.
Validate incoming webhooks by computing HMAC-SHA1 of the raw request body using your webhook secret and comparing it to the X-HelpScout-Signature header value.
Known gotchas
Access tokens from the client credentials flow expire after 2 hours and must be refreshed; the API does not return a refresh token for the client credentials grant, so a new token must be fetched by repeating the grant flow.
Help Scout's API enforces a rate limit of 200 requests per minute per access token; bulk operations such as exporting all conversations must implement backoff when the API returns 429 responses.
The mailboxId is required when creating conversations and must correspond to an actual mailbox the OAuth app has access to; an incorrect or inaccessible mailboxId returns a validation error that can be confusing if you have multiple mailboxes.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp