Skip to main content
The MCP Manager Admin API and MCP server let an agent or a script administer your MCP Manager workspace programmatically — create and configure servers, gateways, identities, hosts, teams, roles, access tokens, and log/alert queries — instead of clicking through the app. Every action runs as you, enforcing the same role capabilities as the product UI: a caller can do exactly what its user could do by hand, and nothing more.
Closed beta. The MCP Manager Admin API and MCP server are available now to a limited set of workspaces through the MCP Manager Admin API entitlement (ff-mcpm-admin), ahead of general availability. If you don’t see Settings → MCP & API in your workspace, it isn’t enabled for you yet — ask your MCP Manager contact to join the beta.

What the Admin API lets you do

The Admin API is the control plane for MCP Manager: it manages the configuration itself, as opposed to the data plane where AI clients call tools through a gateway. With it you can, from code or an agent:
  • Create, rename, enable/disable, and delete inbound MCP servers, and manage their identities (credentials).
  • Create and configure gateways, assign servers to them with an identity scheme, provision them to teams, and issue gateway tokens.
  • Manage hosts and their connections — including inspecting a connection’s last successful call and recent errors.
  • Manage people: invite and deactivate users, create and edit roles and their capabilities, and manage teams.
  • Query the MCP call logs and alerts, and configure OpenTelemetry log/trace forwarding.
  • Mint, list, and revoke your own admin access tokens.
Every operation is capability-gated. A call you don’t have the capability for is refused — the Admin API never widens what your role permits. This is the same model the app uses, so the boundary an administrator already configured holds for agents automatically. See Authentication & access for how gating and errors work.

One manifest, two surfaces: MCP tools and a REST twin

Every operation is defined once and exposed two ways, so both surfaces stay identical:
  • MCP tools (primary). Connect an MCP client — Claude, Cursor, or your own agent — to the admin MCP endpoint and call tools like create_inbound_server, assign_server_to_gateway, or query_logs. The server advertises instructions and per-tool annotations (read-only, destructive, idempotent hints) so an agent selects the right tool.
  • REST API (secondary). The same operations are available as HTTP endpoints under /api/v1/mcpm-admin for pipelines and infrastructure code that don’t speak MCP.
The MCP endpoint path is /mcpm-admin/mcp; the exact Connect URL for your workspace is shown when you create an access token (see Connect an agent). Because both surfaces are generated from a single definition, the tool & endpoint reference documents each operation once, with its MCP tool name and REST route side by side.

Admin access tokens are not gateway API tokens

MCP Manager has two kinds of access token, and they are not interchangeable — using the wrong one is the most common setup mistake. An admin Personal Access Token (mcpm_pat_…) authenticates to the Admin API to manage your MCP Manager setup. A gateway API access token lets a headless agent use a gateway to reach downstream MCP servers. If you want an agent to call tools through a gateway, you need a gateway token, not an admin token — see API Tokens & Headless Agents.

Where to go next

Connect an agent

Create an admin access token and wire the admin MCP server into Claude, Cursor, or a REST client.

Authentication & access

Access tokens, OAuth audience binding, the entitlement, capability gating, and error responses.

Tool & endpoint reference

Every operation, with its MCP tool name, REST route, parameters, and required capability.

What's coming

Reporting, gateway rules, feature provisioning, an audit log, and a downloadable CLI — available soon.

Further reading

Connect an agent

The step-by-step path from a fresh token to your first whoami call.

Programmatic Access

How the Admin API fits alongside the token-based agent connection that ships today.

Capabilities

The full list of capabilities the Admin API enforces on every call.

Docs for AI agents

The docs MCP server and llms.txt the admin server points agents to.