Build a LinkedIn Sourcing Tool in Cursor with Fintalio (Tutorial)

#TL;DR

In about 40 minutes you can turn Cursor IDE into a LinkedIn sourcing tool that finds 20 senior engineers in Berlin, qualifies them, and drafts personalized outreach, all without leaving your editor. The agent calls the Fintalio MCP server over auth:sanctum with a 120 req/min throttle (Fintalio routes/ai.php), invokes 5 of the 19 published tools, and parks the launch step behind a human approval gate. You stay in the loop on every send, and Cursor’s chat handles the planning.

This is a hands-on tutorial. You will paste a real mcp.json snippet, run real tool calls (ListContacts, CreateContactGroup, CreateSequenceTemplate), and finish with a sourcing workflow that scales without burning your LinkedIn account.

For the broader category context, start with the pillar at /blog/linkedin-mcp. If you prefer Claude Desktop to Cursor, the sibling tutorial lives at /blog/claude-desktop-linkedin-agent.

#Why Cursor is a strong host for a LinkedIn sourcing agent

Cursor has shipped native Model Context Protocol support since version 0.45, with full client coverage across stdio, SSE, and Streamable HTTP transports (Cursor docs, 2026). That matters because the same mcp.json config that runs your filesystem and GitHub tools can also reach a hosted LinkedIn MCP endpoint. One agent surface, every tool.

The second reason is workflow fit. Sourcing is iterative work: read a list, filter, re-rank, draft, re-draft. Cursor’s chat keeps the loop tight because the agent already lives next to your code, your CSVs, and your scratch notes. You can paste a JD into the chat, ask Cursor to extract qualification criteria, and pipe those criteria straight into a ListContacts filter without context-switching to a separate app.

The third reason is reproducibility. Every Cursor MCP call is logged in the chat, so you have an audit trail of which prompt produced which CreateSequenceTemplate body, which beats the “did I really write that DM at 2 AM?” problem most outreach tooling has.

#What “sourcing agent” actually means here

It is not autonomous account creation, not scraping, not bypassing LinkedIn rate limits. The sourcing agent operates on contacts you already have access to in Fintalio (imported via CSV or the Chrome extension), runs filters and qualification across them, and proposes a sequence you review before launch. The agent does the reading and writing. You do the approving.

#What does the Fintalio MCP server actually expose?

Fintalio’s MCP server publishes 19 tools and 3 resources behind a Sanctum-authenticated /mcp endpoint, throttled at 120 requests per minute per token (Anthropic MCP spec, 2025). The split is 9 read tools, 9 write tools, and 1 execute tool (LaunchSequence). The execute tool is the one you keep behind a human gate.

The tools that matter for sourcing are a narrow subset:

• ListContacts: paginated contact retrieval with filters on group, tag, and custom fields.
• GetContact: full contact record including custom_data JSON and invited_at timestamp.
• CreateContactGroup: segments contacts into a named bucket. Unique on (user_id, name).
• ListSequenceTemplates: read existing templates so the agent does not re-create what you already have.
• CreateSequenceTemplate: defines a multi-step outreach template (subject, body, delay).
• LaunchSequence: execute only, requires auth:sanctum,subscribed middleware.

The three resources (ContactResource, SequenceResource, TemplateResource) expose typed read views the agent can hydrate without re-querying.

#What it does not expose

Fintalio’s MCP surface is intentionally narrow. There is no profile-scraping tool, no advanced LinkedIn search tool, no feed-reading tool, no post-publishing tool. If your sourcing workflow needs cold profile discovery outside your existing contact base, you will pair Fintalio with a separate enrichment source. The honest framing is: Fintalio is the relay and orchestration layer, not the scraper.

#How do I wire Cursor to the Fintalio MCP server?

Cursor reads MCP servers from ~/.cursor/mcp.json (global) or .cursor/mcp.json (per-project), per Cursor’s official MCP documentation released in early 2026 (Cursor MCP guide, 2026). The Fintalio endpoint is a hosted HTTP MCP server, so you use the url transport rather than command.

Generate your API token first. Inside the Fintalio app, go to Settings, then “Tokens API & MCP”, and create a new token. Copy it once, store it in your password manager, and never paste it into a public repo.

Now create or edit ~/.cursor/mcp.json:

{
  "mcpServers": {
    "fintalio": {
      "url": "https://fintalio.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_FINTALIO_TOKEN_HERE"
      }
    }
  }
}

Restart Cursor. Open the chat panel, type /mcp, and you should see fintalio listed with all 19 tools. If you see “0 tools”, check three things: the token is valid (test with curl -H "Authorization: Bearer ..." https://fintalio.com/mcp and expect a JSON-RPC handshake response), your subscription is active, and the URL has no trailing slash.

#Project-scoped vs global config

If you want different tokens per project, drop the same JSON into .cursor/mcp.json at the repo root. Cursor merges project-scoped servers on top of the global config. This is the safer pattern when you are demoing or pairing with someone else.

#How do I write a sourcing agent prompt that actually works?

A good sourcing prompt is a constrained plan, not an open-ended ask. Treat Cursor’s agent like a junior recruiter on day one: tell it the inputs, the qualification rules, the output shape, and the approval gate. Anthropic’s own prompt engineering guidance recommends explicit XML-tagged structure for multi-step agent tasks (Anthropic Prompt Engineering Guide, 2025).

Here is a working prompt you can paste into Cursor’s chat with the Fintalio MCP server connected:

You are a LinkedIn sourcing agent. Use the Fintalio MCP server only.

GOAL: Find 20 senior software engineers based in Berlin from my existing
Fintalio contacts, qualify them against the criteria below, and prepare
a 3-step outreach sequence for my approval.

QUALIFICATION CRITERIA:
- Current title contains "senior", "staff", "principal", or "lead"
- Location custom_data field contains "Berlin" or "DE"
- invited_at is null (we have not contacted them before)
- Tagged with "engineering" OR "backend" OR "platform"

STEPS:
1. Call ListContacts with appropriate filters. Page until you have
   at least 20 matches or you have exhausted the list.
2. For each match, call GetContact and verify the criteria. Reject
   any that do not match. Do not invent data.
3. Create a contact group named "berlin-seniors-2026-06" with the
   qualified subset.
4. Draft a 3-step sequence template: opener (day 0), value DM (day 3),
   final ask (day 7). Personalize the opener using each contact's
   custom_data.
5. Call CreateSequenceTemplate with the draft. STOP THERE.
6. Print the template ID and a summary table of the 20 contacts.
7. DO NOT call LaunchSequence. I will review in the Fintalio UI and
   launch manually.

RULES:
- If a tool returns an error, surface it. Do not retry silently.
- If fewer than 20 contacts qualify, surface the count and ask before
  expanding criteria.
- Never fabricate a contact. Only act on data returned by Fintalio.

#Why the explicit “STOP” matters

LLM agents are eager. Without an explicit terminal instruction, the agent will frequently chain into LaunchSequence because the prompt’s framing implies “complete the workflow.” The “STOP THERE” line plus the “DO NOT call LaunchSequence” line is what keeps the human approval gate intact. Cursor’s chat will still let you ask “now launch it” as a follow-up, which is the explicit confirmation you want.

#What does a real Fintalio tool call look like from Cursor?

When Cursor invokes a Fintalio tool, it sends a JSON-RPC 2.0 request to the /mcp endpoint, matching the format defined in the MCP specification (MCP transport spec, 2025). You will not write this by hand, but knowing the shape helps you debug when the agent gets stuck.

A ListContacts call looks like this in the wire:

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "ListContacts",
    "arguments": {
      "tags": ["engineering"],
      "limit": 50,
      "cursor": null
    }
  }
}

And the typical response:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\"contacts\": [...], \"next_cursor\": \"eyJp...\"}"
      }
    ]
  }
}

For CreateSequenceTemplate, the agent passes a structured payload with the steps array. Each step carries subject, body, and delay_days (decimal, per migration make_delay_days_decimal). The body supports Fintalio template variables like {{first_name}} and {{custom_data.location}}. If you reference a variable that does not exist on a given contact, Fintalio falls back to the default you set via ListVariables.

#Debugging when a tool fails

The three most common failure modes are token expiry (401 from the gateway), rate-limit hits (429 after 120 req/min), and validation errors on CreateSequenceTemplate (most often a missing delay_days on a step). Cursor surfaces the raw error in the chat. Read it. Do not let the agent retry blindly.

#How do I keep this safe in production?

LinkedIn account safety is the entire game. The single biggest predictor of getting your account restricted is volume velocity, not action type, per LinkedIn’s documented engineering practices on account safety signals (LinkedIn Help, 2025). Three patterns matter.

Rate-limit the agent below your account’s natural ceiling. Fintalio enforces 50 outbound actions per day on the €69/mo plan (config/plans.php, key SEQUENCE_DAILY_MESSAGES). Treat that as a hard ceiling, not a target. For new accounts or accounts that have been quiet for a while, start at 10 per day and ramp.

Keep LaunchSequence behind a human approval gate. The MCP server requires auth:sanctum,subscribed middleware on the execute route. The Cursor agent can draft, save, and queue. You launch from the Fintalio UI after eyeballing the template and the recipient list. Never paste your API token into a CI job that auto-executes.

Log every call. Cursor’s chat already provides one audit trail. Fintalio’s app-side history provides the second. If a recipient ever flags an outreach, you want both views to reconcile.

#The “send to yourself first” pattern

Before launching a new sequence template to 20 strangers, send it to yourself or a teammate. Create a one-contact test-sends group, point a clone of the template at it, and read the messages as they land in your LinkedIn inbox. Half of all template bugs (missing variables, broken merge fields, awkward line breaks) surface in the first real send, not in the preview.

#FAQ

#How much does this setup cost end to end?

Cursor’s Pro plan is $20 per month, and Fintalio is €69 per month with MCP access bundled in the single plan (Cursor pricing, 2026). Total fixed cost is roughly $95 per month at current exchange. There is no separate MCP tier and no usage-based metering exposed on the Fintalio API today, even though the database scaffolding exists for it. Cursor’s free tier works for light use but rate-limits long agent runs.

#Can I run this without Cursor, using my own Python script?

Yes. The Fintalio MCP server speaks standard MCP over HTTP, so any client implementing the spec works, including the official mcp Python SDK (modelcontextprotocol.io, 2025). The trade-off is you give up Cursor’s chat planning, so your script handles the multi-step orchestration logic itself. For one-shot, repeatable workflows, a Python script is the right shape. For exploratory sourcing, Cursor wins.

#What happens when LinkedIn changes its policies?

Fintalio routes LinkedIn actions through a compliant first-party authentication relay, which absorbs upstream API contract changes on your behalf. Historically, LinkedIn’s anti-automation policies have tightened roughly every 12 to 18 months (Reuters reporting on LinkedIn enforcement, 2024). The right defensive posture is to keep daily volumes conservative and avoid pattern-perfect timing. Random jitter on delay_days helps.

#Can the agent personalize DMs at scale without sounding robotic?

The single biggest lever is the custom_data JSON field on each contact. If the field has a real signal (recent post, mutual connection, shared employer history), the agent’s draft will feel hand-written. If the field is empty, the agent fills with generic openers and the open rate collapses. Cold email research from Lavender showed personalization beyond {{first_name}} lifts reply rates by 142% (Lavender 2024 State of Cold Email).

#Conclusion

A Cursor-driven LinkedIn sourcing tool is one mcp.json block, one carefully scoped prompt, and one human approval gate away. The economics work for any team already running a Cursor subscription: you reuse the agent surface you have, plug into a narrow but stable MCP tool set, and keep account safety on your side of the line.

Three takeaways. First, keep LaunchSequence behind manual approval. Second, qualify against your existing contact base before chasing scale. Third, treat the agent like a junior recruiter, not an autonomous worker, and constrain every prompt accordingly.

If you want to go deeper on the protocol itself, read the pillar at /blog/linkedin-mcp. When you are ready to plug LinkedIn into your agent, start a Fintalio account and copy your API token.

Key Takeaways

• Cursor’s native MCP support since v0.45 lets you reach a hosted LinkedIn MCP server with one mcp.json block (Cursor docs, 2026).
• Fintalio exposes 19 MCP tools behind a 120 req/min Sanctum-authenticated endpoint, with a hard ceiling of 50 outbound actions per day on the €69/mo plan.
• A safe sourcing agent uses 5 tools (ListContacts, GetContact, CreateContactGroup, CreateSequenceTemplate, LaunchSequence) and keeps LaunchSequence behind a human approval gate.
• Personalization beyond {{first_name}} lifts reply rates by 142% (Lavender, 2024). Invest in the custom_data field.