Bind the Destination service instance to your BTP application; read the binding credentials from the environment (VCAP_SERVICES or a Kubernetes secret)
Obtain an access token from XSUAA: POST to the token URL from the binding with grant_type=client_credentials using the clientid and clientsecret from the binding
Call the Destination service REST API GET /destination-configuration/v1/destinations/<name> with the Bearer token to retrieve the destination's URL, auth type, and headers
For on-premise destinations, the response includes a connectivity proxy host/port and a Location ID; route your outbound call through the Cloud Connector proxy with those values
Pass the Proxy-Authorization header (using the token from the Connectivity service, not the Destination service) when tunnelling through the Cloud Connector
Known gotchas
The Destination service token and the Connectivity proxy token are obtained from different OAuth clients in the same XSUAA tenant; mixing them returns 401
Destination configurations are cached; changes made in the BTP cockpit can take a few minutes to propagate — do not cache the resolved destination indefinitely in your application
The Cloud Connector Location ID must match the value configured in the Cloud Connector administration UI exactly; a mismatch silently routes to the wrong connector or fails
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp