> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Programmatic Access

> How to manage MCP Manager from code: the Admin API and MCP server (in closed beta) provision and configure gateways, servers, identities, roles, and more over MCP tools and REST, scoped by your role capabilities; a downloadable CLI and infrastructure-as-code support are still to come; and the token-based agent connection and per-user identity passing that ship today.

Many teams want to manage their MCP Manager setup **programmatically** — provisioning gateways, servers, identities, and roles from code or a pipeline instead of clicking through the app. This page explains what you can automate today and where the programmatic surfaces stand.

<Info>
  **The Admin API and MCP server are now in closed beta.** You can provision and manage most of your workspace over MCP tools and a REST API, scoped by your role capabilities. See the [Admin API & MCP](/admin-api/overview) section for the full documentation. Access is gated by the **MCP Manager Admin API** entitlement — ask your MCP Manager contact to join.
</Info>

## Manage your workspace with the Admin API

The [Admin API and MCP server](/admin-api/overview) are the **control plane** for MCP Manager. From an agent or a script you can create and configure inbound servers, gateways and their assignments, identities, hosts and connections, teams, roles, and access tokens, and query the call logs and alerts — the same actions available in the app, enforced by the **same role capabilities**. Every operation is exposed both as an MCP tool and as a REST endpoint under `/api/v1/mcpm-admin`.

This is in **closed beta**: available now to workspaces with the **MCP Manager Admin API** entitlement (`ff-mcpm-admin`), ahead of general availability. To get started, see [Connect an agent](/admin-api/connect) and the [tool & endpoint reference](/admin-api/reference/overview).

### Still to come

A few programmatic surfaces are planned but not in the beta yet — the [Admin API roadmap](/admin-api/roadmap) tracks them:

* **A downloadable CLI** to script the same operations and wire them into pipelines and infrastructure-as-code workflows.
* **Gateway rules, custom rule engines, feature provisioning, reporting, and an admin audit log** over the Admin API.

<Note>
  **A dedicated Terraform provider is not available.** Teams that manage infrastructure declaratively can drive the REST API from their own automation today; a first-class Terraform provider isn't something we offer yet. If declarative infrastructure-as-code is a requirement for you, tell your MCP Manager contact — it helps us prioritise.
</Note>

## What you can automate today without the beta

Two related capabilities ship to every workspace and don't require the Admin API entitlement. Both are about **connecting agents** to gateways, not about **provisioning** the gateways themselves.

* **Token-based agent connection.** A headless agent connects to a gateway with a gateway API access token rather than an interactive sign-in. You create a token-based host and issue it a token scoped to a single gateway connection. See [API Tokens & Headless Agents](/features/api-tokens-and-headless-agents).
* **Per-user identity passing.** A single agent can carry each end user's own identity through to downstream servers, so actions run as the real person and stay fully logged. See [Agents that Pass Identities to MCP Manager](/advanced/agents-passing-identities).

These let an agent **use** a gateway programmatically. The **Admin API** above is what lets you **build and manage** your gateways, servers, and roles programmatically.

<Note>
  **Two kinds of access token, for two different jobs.** A **gateway API access token** connects a headless agent to a gateway (the data plane). An **admin Personal Access Token** (`mcpm_pat_…`) authenticates to the Admin API to manage your configuration (the control plane). They are not interchangeable — see [Admin API & MCP](/admin-api/overview#admin-access-tokens-are-not-gateway-api-tokens).
</Note>

## Working with log data programmatically

Log data leaves MCP Manager in three ways. In the Admin API beta, the [`query_logs`](/admin-api/reference/logging) operation reads the **AI-usage call logs** with filters and pagination — useful for ad-hoc inspection from an agent. For durable pipelines into your own tooling, log data is also available as a **file export** (CSV or ND-JSON) and **pushed to your own collector over OpenTelemetry**. For a continuous feed into a SIEM, prefer OpenTelemetry over polling `query_logs`. See [Accessing log data programmatically](/features/viewing-logs#accessing-log-data-programmatically) and [Export to SIEM](/enterprise/export-to-siem).

## Further reading

<CardGroup cols={2}>
  <Card title="Admin API & MCP" icon="terminal" href="/admin-api/overview">
    The control-plane API and MCP server for managing your workspace from code.
  </Card>

  <Card title="API Tokens & Headless Agents" icon="key" href="/features/api-tokens-and-headless-agents">
    How a headless agent connects to a gateway with a scoped API access token.
  </Card>

  <Card title="Agents passing identities" icon="id-badge" href="/advanced/agents-passing-identities">
    One agent, many users, each acting as themselves through per-user tokens.
  </Card>

  <Card title="Connection Experience" icon="plug-circle-check" href="/features/connection-experience">
    The authorization flow every host uses to connect to a gateway.
  </Card>
</CardGroup>
