Closed beta. The MCP Manager Admin API and MCP server are available now to a
limited set of workspaces through the MCP Manager Admin API entitlement
(
ff-mcpm-admin), ahead of general availability. If you don’t see Settings →
MCP & API in your workspace, it isn’t enabled for you yet — ask your MCP Manager
contact to join the beta.What the Admin API lets you do
The Admin API is the control plane for MCP Manager: it manages the configuration itself, as opposed to the data plane where AI clients call tools through a gateway. With it you can, from code or an agent:- Create, rename, enable/disable, and delete inbound MCP servers, and manage their identities (credentials).
- Create and configure gateways, assign servers to them with an identity scheme, provision them to teams, and issue gateway tokens.
- Manage hosts and their connections — including inspecting a connection’s last successful call and recent errors.
- Manage people: invite and deactivate users, create and edit roles and their capabilities, and manage teams.
- Query the MCP call logs and alerts, and configure OpenTelemetry log/trace forwarding.
- Mint, list, and revoke your own admin access tokens.
One manifest, two surfaces: MCP tools and a REST twin
Every operation is defined once and exposed two ways, so both surfaces stay identical:- MCP tools (primary). Connect an MCP client — Claude, Cursor, or your own agent — to the admin MCP endpoint and call tools like
create_inbound_server,assign_server_to_gateway, orquery_logs. The server advertises instructions and per-tool annotations (read-only, destructive, idempotent hints) so an agent selects the right tool. - REST API (secondary). The same operations are available as HTTP endpoints under
/api/v1/mcpm-adminfor pipelines and infrastructure code that don’t speak MCP.
/mcpm-admin/mcp; the exact Connect URL for your workspace is shown when you create an access token (see Connect an agent). Because both surfaces are generated from a single definition, the tool & endpoint reference documents each operation once, with its MCP tool name and REST route side by side.
Admin access tokens are not gateway API tokens
MCP Manager has two kinds of access token, and they are not interchangeable — using the wrong one is the most common setup mistake.
An admin Personal Access Token (
mcpm_pat_…) authenticates to the Admin API to manage your MCP Manager setup. A gateway API access token lets a headless agent use a gateway to reach downstream MCP servers. If you want an agent to call tools through a gateway, you need a gateway token, not an admin token — see API Tokens & Headless Agents.
Where to go next
Connect an agent
Create an admin access token and wire the admin MCP server into Claude, Cursor, or a REST client.
Authentication & access
Access tokens, OAuth audience binding, the entitlement, capability gating, and error responses.
Tool & endpoint reference
Every operation, with its MCP tool name, REST route, parameters, and required capability.
What's coming
Reporting, gateway rules, feature provisioning, an audit log, and a downloadable CLI — available soon.
Further reading
Connect an agent
The step-by-step path from a fresh token to your first
whoami call.Programmatic Access
How the Admin API fits alongside the token-based agent connection that ships today.
Capabilities
The full list of capabilities the Admin API enforces on every call.
Docs for AI agents
The docs MCP server and
llms.txt the admin server points agents to.
