Skip to main content
These operations read the MCP call logs and alerts and configure OpenTelemetry forwarding. Responses are thin by default — request the heavy detail only for the specific rows you need. The call log here is the AI-usage log, distinct from the forthcoming admin audit log.
Closed beta. The MCP Manager Admin API and MCP server are available now to a limited set of workspaces through the MCP Manager Admin API entitlement (ff-mcpm-admin), ahead of general availability. If you don’t see Settings → MCP & API in your workspace, it isn’t enabled for you yet — ask your MCP Manager contact to join the beta.

Query Logs

Retrieve MCP call logs, paginated and filterable. Queries the workspace MCP call logs (the same data behind the Logging view), scoped to the caller’s org. Filter by connection, user, gateway, server, host, container, team, log type, or trace/span id, and by a created_at time range (fromMs/toMs). Returns a page of log rows ordered newest-first by default. Responses are thin by default (no request/response body or headers); pass includeDetail:true to include them (truncated). This is the AI-usage/call log — distinct from the admin audit log. MCP tool: query_logs · REST: POST /api/v1/mcpm-admin/logs/query · Capability: View and export logs (exportLogs) Parameters
filters
object
Flat column -> value equality filters. Allowed columns: gateway_connection_guid (a connection), user_guid, outbound_gateway_guid (a gateway), inbound_server_guid (a server), host_guid, server_container_guid, team_guid, type (log type), trace_id, span_id. Combine with the time range and pagination below. org scope is always applied automatically. (a string → string map)
fromMs
integer
Time-range start as epoch milliseconds (inclusive lower bound on created_at). Omit for no lower bound.
toMs
integer
Time-range end as epoch milliseconds (inclusive upper bound on created_at). Omit for no upper bound.
orderByColumn
string
Column to sort by (must be a returned log column). Defaults to created_at.
orderByDirection
string
Sort direction. Defaults to desc (newest first). One of: asc, desc.
skip
integer
Number of rows to skip (offset) for pagination. Defaults to 0.
take
integer
Max rows to return this page. Defaults to 100, capped at 1000.
includeDetail
boolean
When true, include the heavy request/response body and headers fields (truncated). Omitted by default to keep responses small — request detail only for the specific rows you need.
Example

List Alerts

List workspace alerts, paginated and filterable (thin summaries). Lists alerts for the workspace, newest-first, filterable by code, messageType, related resource, and a created-at time range. Returns a thin summary per alert (guid, code, messageType, subject, message, createdAt, relatedResourceIds) — the heavy debug/close context is omitted; use get_alert for the full record of a single alert. MCP tool: list_alerts · REST: POST /api/v1/mcpm-admin/alerts/query · Capability: See all alerts (seeAllAlerts) Parameters
filters
object
Optional filters: code (exact alert code), messageType (info | warning | error), and/or relatedResourceGuid (matches any related resource on the alert — server, gateway, assignment, identity, policy, or connection). Combine with the time range below. (a string → string map)
fromMs
integer
Time-range start as epoch milliseconds (inclusive lower bound on when the alert was created).
toMs
integer
Time-range end as epoch milliseconds (inclusive upper bound on when the alert was created).
skip
integer
Number of alerts to skip (offset) for pagination. Defaults to 0.
take
integer
Max alerts to return this page. Defaults to 50, capped at 250.
Example

Get Alert

Read-only Get the full record for one alert. Returns everything about a single alert: the summary fields plus the unresolved dynamicContent (subject/message with placeholders), the debugContext (response status/headers/body and engine details), relatedContext, and closeDetails. Use for debugging a specific alert surfaced by list_alerts. MCP tool: get_alert · REST: GET /api/v1/mcpm-admin/alerts/:alertGuid · Capability: See all alerts (seeAllAlerts) Parameters
alertGuid
string
required
The guid of the alert to inspect (from list_alerts).
Example

Get OpenTelemetry Configuration

Read-only Get the workspace OpenTelemetry (OTLP/HTTP) log-forwarding configuration. Returns the workspace OTLP/HTTP configuration used to forward logs (and optionally traces) to a SIEM: { configured, logsCollectorUrl, tracesCollectorUrl, headerNames }. For security, only the header names are returned, never their values (headers often carry a bearer/API token). configured is false when no collector is set up yet. MCP tool: get_otel_configuration · REST: GET /api/v1/mcpm-admin/otel-configuration · Capability: Manage OpenTelemetry collector (manageOtelCollector) Parameters: none. Example

Set OpenTelemetry Configuration

Configure the workspace OpenTelemetry (OTLP/HTTP) collector. Creates or updates the workspace OTLP/HTTP configuration for log (and optional trace) forwarding, mirroring the Logging > Integrations panel. Provide at least one collector URL. URLs are stored exactly as entered (no signal path is appended); each URL is updated independently, so omitting one keeps the currently-stored value rather than clearing it. headers is optional: omit to keep existing headers, pass a map to replace them, or an empty map to clear them. Returns the same shape as get_otel_configuration (header names only, never values). MCP tool: set_otel_configuration · REST: POST /api/v1/mcpm-admin/otel-configuration · Capability: Manage OpenTelemetry collector (manageOtelCollector) Parameters
logsCollectorUrl
string
OTLP/HTTP endpoint for log export (e.g. https://collector.example.com:4318/v1/logs). Sent exactly as given — include the signal path yourself; it is never appended. Omit to keep the currently-stored logs URL unchanged (updating only the traces URL never disables log forwarding). At least one of logsCollectorUrl or tracesCollectorUrl is required.
tracesCollectorUrl
string
OTLP/HTTP endpoint for trace export (e.g. https://collector.example.com:4318/v1/traces). Sent exactly as given — include the signal path yourself; it is never appended. Omit to keep the currently-stored traces URL unchanged (updating only the logs URL never disables trace forwarding). At least one of logsCollectorUrl or tracesCollectorUrl is required.
headers
object
HTTP request headers sent with both signals (e.g. an Authorization bearer for the SIEM). OMIT this to keep the existing headers unchanged — important because their values are write-only and cannot be read back to re-supply. Pass a map to REPLACE the full header set, or an empty map to clear all headers. Values are stored encrypted and are never returned by get_otel_configuration. (a string → string map)
Example

Further reading

What's coming

Where to go next in this section.

Authentication & access

Tokens, the entitlement, capability gating, and error codes for every operation here.

Tool & endpoint reference

The full reference index across every domain.

Capabilities

What each capability named on this page actually allows.