Skip to main content
The Admin API exposes 64 operations across seven domains. Each operation is defined once and generated into both an MCP tool and a REST endpoint, so every reference entry lists the MCP tool name, the REST method and path, and the capability the operation enforces — the two surfaces never diverge.
Closed beta. The MCP Manager Admin API and MCP server are available now to a limited set of workspaces through the MCP Manager Admin API entitlement (ff-mcpm-admin), ahead of general availability. If you don’t see Settings → MCP & API in your workspace, it isn’t enabled for you yet — ask your MCP Manager contact to join the beta.

How to read the reference

Each operation entry shows four things:
  • MCP tool — the tool name to call from an MCP client (for example create_inbound_server).
  • REST — the HTTP method and path under /api/v1/mcpm-admin (for example POST /api/v1/mcpm-admin/servers).
  • Capability — the capability your role must hold, shown as its product label and its exact key (for example Basic server management (basicServerManagement)). Operations marked none are available to any authenticated caller.
  • Parameters — every input, with its type, whether it’s required, its default, and where the REST surface reads it from (path, query, or body).
Read-only operations carry a Read-only badge and destructive ones a Destructive badge, mirroring the annotations the MCP server sends to clients. List and query operations return thin results by default — opt into heavy detail (request/response bodies, full alert context) only for the specific records you need, so responses stay small.

Operations by domain

Every operation enforces the same capability as the equivalent action in the app, so the Admin API can never do more than your role already allows. See Authentication & access for the full access model and the status codes returned when a call is denied, malformed, or fails.

Browse the domains

Account & access tokens

Identity, capabilities, and admin Personal Access Token management.

Servers

Create, rename, enable, disable, and delete inbound MCP servers.

Identities

Add, manage, and set the availability of server credentials.

Gateways

Gateways, server assignments with identity schemes, and team provisioning.

People, teams & roles

Users, roles and capabilities, and teams.

Hosts

Hosts and their gateway connections, with connection diagnostics.

Logging

Call-log and alert queries and OpenTelemetry configuration.

Further reading

Account & access tokens

The first domain in the reference — start here.

Authentication & access

Tokens, the entitlement, capability gating, and error codes.

Connect an agent

Get a token and register the admin MCP server in your client.

What's coming

Operations that are on the way but not in the beta yet.