Skip to main content
This page connects an agent (or a REST client) to the MCP Manager Admin API. By the end you will have an admin access token, the admin MCP server registered in your client, and a successful whoami call confirming which capabilities you can exercise.
Closed beta. The MCP Manager Admin API and MCP server are available now to a limited set of workspaces through the MCP Manager Admin API entitlement (ff-mcpm-admin), ahead of general availability. If you don’t see Settings → MCP & API in your workspace, it isn’t enabled for you yet — ask your MCP Manager contact to join the beta.

Prerequisites

  • Your workspace has the MCP Manager Admin API entitlement (ff-mcpm-admin). If you don’t see Settings → MCP & API, it isn’t enabled yet — ask your MCP Manager contact to join the beta.
  • An MCP-capable client (for example Claude Code or Cursor), or any HTTP client for the REST twin.

Create an admin access token

An admin Personal Access Token authenticates every call to the Admin API. Create one from the app, then copy it into your client. The token secret is shown once.
1

Open the MCP & API settings

Go to MCP & API → Tokens and select Create token.
2

Name the token and set an expiry

Give the token a Label you’ll recognise later (for example “Claude Desktop” or “CI pipeline”). Leave Expires in (days) blank for the 90-day default, enter a value from 1 to 90, or enter 0 for a token that never expires.
Creating a token is idempotent by label: if a valid token with the same label already exists, MCP Manager returns that token’s details instead of minting a duplicate — but it cannot re-show the secret. Use a new label when you need a fresh secret.
3

Copy the Connect URL and the token

The result panel shows two values. Copy the Connect URL (your workspace’s admin MCP endpoint) and the Access token (it starts with mcpm_pat_). Store the token in a secret manager now — it will not be viewable again after you close the page.
Treat the access token like a password. It carries your full identity and capabilities against the Admin API. If it leaks, revoke it immediately from the same page (Revoke).

Register the admin MCP server in your client

Add the server to your MCP client using the Connect URL as the endpoint and the token as a bearer credential. Replace <connect-url> with the Connect URL you copied and mcpm_pat_... with your token.
terminal
The admin MCP server registers under the name MCP Manager Admin. Its initialize response carries instructions telling the agent to route any “connect X” request through your gateway rather than wiring the client straight to the provider, and points the agent at the docs MCP server and llms.txt for reference.

Confirm access with whoami

Call the whoami tool (or GET /api/v1/mcpm-admin/whoami) as your first request. It needs no parameters and no special capability, and it returns your resolved user, organization, team, and role — plus the capability keys your role grants, which are exactly the operations you’re allowed to perform.
A successful whoami response lists your capability keys. Use it to discover what you can do before attempting a gated write — a call you lack the capability for is refused with a 403.
Ask your agent to call the whoami tool, or invoke it directly:

Prefer OAuth over a long-lived token?

Interactive MCP clients that support OAuth can connect without a Personal Access Token: the admin server is an OAuth 2.1 protected resource, and a client that discovers it will run the authorization flow and obtain a short-lived bearer automatically. A token minted this way is audience-bound to the admin MCP resource, so it can’t be replayed against another endpoint. Personal Access Tokens remain the right choice for headless agents and pipelines. See Authentication & access for both paths.

Further reading

Authentication & access

Token format and lifetime, OAuth audience binding, the entitlement, and capability gating.

Tool & endpoint reference

Every tool and endpoint, grouped by domain, with parameters and required capabilities.

Admin API & MCP overview

What the control-plane surface is and how MCP tools and the REST twin relate.

Capabilities

What each capability whoami reports actually allows.