> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Admin API & MCP Server

> What the MCP Manager Admin API and MCP server are: a control-plane surface that lets an agent or script manage your MCP Manager configuration — servers, gateways, identities, hosts, teams, roles, logs, and integrations — with the same actions as the app, scoped by your role capabilities, over MCP tools and a REST twin.

The **MCP Manager Admin API and MCP server** let an agent or a script administer your MCP Manager workspace programmatically — create and configure servers, gateways, identities, hosts, teams, roles, access tokens, and log/alert queries — instead of clicking through the app. Every action runs **as you**, enforcing the **same role capabilities** as the product UI: a caller can do exactly what its user could do by hand, and nothing more.

<Info>
  **Closed beta.** The MCP Manager Admin API and MCP server are available now to a
  limited set of workspaces through the **MCP Manager Admin API** entitlement
  (`ff-mcpm-admin`), ahead of general availability. If you don't see **Settings →
  MCP & API** in your workspace, it isn't enabled for you yet — ask your MCP Manager
  contact to join the beta.
</Info>

## What the Admin API lets you do

The Admin API is the **control plane** for MCP Manager: it manages the configuration itself, as opposed to the **data plane** where AI clients call tools through a gateway. With it you can, from code or an agent:

* Create, rename, enable/disable, and delete **inbound MCP servers**, and manage their **identities** (credentials).
* Create and configure **gateways**, assign servers to them with an identity scheme, provision them to **teams**, and issue gateway tokens.
* Manage **hosts** and their **connections** — including inspecting a connection's last successful call and recent errors.
* Manage **people**: invite and deactivate users, create and edit **roles** and their capabilities, and manage **teams**.
* Query the **MCP call logs** and **alerts**, and configure **OpenTelemetry** log/trace forwarding.
* Mint, list, and revoke your own **admin access tokens**.

Every operation is **capability-gated**. A call you don't have the capability for is refused — the Admin API never widens what your role permits. This is the same model the app uses, so the boundary an administrator already configured holds for agents automatically. See [Authentication & access](/admin-api/authentication) for how gating and errors work.

## One manifest, two surfaces: MCP tools and a REST twin

Every operation is defined once and exposed two ways, so both surfaces stay identical:

* **MCP tools (primary).** Connect an MCP client — Claude, Cursor, or your own agent — to the admin MCP endpoint and call tools like `create_inbound_server`, `assign_server_to_gateway`, or `query_logs`. The server advertises instructions and per-tool annotations (read-only, destructive, idempotent hints) so an agent selects the right tool.
* **REST API (secondary).** The same operations are available as HTTP endpoints under `/api/v1/mcpm-admin` for pipelines and infrastructure code that don't speak MCP.

The MCP endpoint path is `/mcpm-admin/mcp`; the exact **Connect URL** for your workspace is shown when you create an access token (see [Connect an agent](/admin-api/connect)). Because both surfaces are generated from a single definition, the [tool & endpoint reference](/admin-api/reference/overview) documents each operation once, with its MCP tool name and REST route side by side.

## Admin access tokens are not gateway API tokens

MCP Manager has two kinds of access token, and they are not interchangeable — using the wrong one is the most common setup mistake.

| Token                           | Prefix      | Grants access to                                                                                              | Gated by                                                    |
| ------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |
| **Admin Personal Access Token** | `mcpm_pat_` | The Admin API / MCP server (this section) — the control plane                                                 | The **MCP Manager Admin API** entitlement (`ff-mcpm-admin`) |
| **Gateway API access token**    | —           | A single gateway connection — the data plane, for [headless agents](/features/api-tokens-and-headless-agents) | The **Create and manage API tokens** capability             |

An **admin Personal Access Token** (`mcpm_pat_…`) authenticates to the Admin API to *manage* your MCP Manager setup. A **gateway API access token** lets a headless agent *use* a gateway to reach downstream MCP servers. If you want an agent to call tools through a gateway, you need a gateway token, not an admin token — see [API Tokens & Headless Agents](/features/api-tokens-and-headless-agents).

## Where to go next

<CardGroup cols={2}>
  <Card title="Connect an agent" icon="plug" href="/admin-api/connect">
    Create an admin access token and wire the admin MCP server into Claude, Cursor, or a REST client.
  </Card>

  <Card title="Authentication & access" icon="shield-halved" href="/admin-api/authentication">
    Access tokens, OAuth audience binding, the entitlement, capability gating, and error responses.
  </Card>

  <Card title="Tool & endpoint reference" icon="book" href="/admin-api/reference/overview">
    Every operation, with its MCP tool name, REST route, parameters, and required capability.
  </Card>

  <Card title="What's coming" icon="road" href="/admin-api/roadmap">
    Reporting, gateway rules, feature provisioning, an audit log, and a downloadable CLI — available soon.
  </Card>
</CardGroup>

## Further reading

<CardGroup cols={2}>
  <Card title="Connect an agent" icon="plug" href="/admin-api/connect">
    The step-by-step path from a fresh token to your first `whoami` call.
  </Card>

  <Card title="Programmatic Access" icon="code" href="/enterprise/programmatic-access">
    How the Admin API fits alongside the token-based agent connection that ships today.
  </Card>

  <Card title="Capabilities" icon="key" href="/deployment/rbac-and-roles/capabilities">
    The full list of capabilities the Admin API enforces on every call.
  </Card>

  <Card title="Docs for AI agents" icon="wand-magic-sparkles" href="/get-started/use-docs-with-ai">
    The docs MCP server and `llms.txt` the admin server points agents to.
  </Card>
</CardGroup>
