> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# API Tokens & Headless Agents

> How headless agents connect to MCP Manager with API access tokens: how token-based hosts differ from headed OAuth apps, creating a token-based host and generating, copying, and revoking an API access token scoped to a gateway connection, managing connections, and the break-glass toggles that disable a host, connection, or identity instantly.

Interactive apps like Claude connect to a gateway through OAuth and appear automatically. **Headless agents** — code with no human at a browser — connect with an **API access token** instead. This page covers how to create a token-based host for an agent, generate and revoke its tokens, manage its connections, and cut access instantly with break-glass controls. For a hands-on, end-to-end walkthrough — create a host, issue a token, and call a tool over HTTP — see [Run a headless agent with an API token](/tutorials/headless-agent). For the advanced pattern where one agent carries each end user's *own* identity through to downstream servers, see [Agents that Pass Identities to MCP Manager](/advanced/agents-passing-identities).

<Note>
  Creating token-based hosts and generating tokens is gated by the **Create and manage API tokens** capability; cutting access uses **Disable and enable connections** and **Disable and enable hosts**. If you don't see these controls, your role doesn't have the capability — access depends on the capability, not on any fixed role name. See the [capabilities reference](/deployment/rbac-and-roles/capabilities).
</Note>

<Info>
  The **gateway API access token** on this page connects an agent to a gateway to *use* its servers (the data plane). It is different from an **admin Personal Access Token** (`mcpm_pat_…`), which authenticates to the [Admin API](/admin-api/overview) to *manage* your MCP Manager configuration (the control plane). Use a gateway token to call tools; use an admin token to provision servers, gateways, and roles.
</Info>

## Headed apps versus headless agents

A client is tracked in MCP Manager as a [host](/mcp-gateway-concepts/apps-and-agents), and how it connects determines how you set it up:

* **Headed apps (OAuth).** Interactive clients connect through an OAuth flow and **appear automatically** the first time someone connects one — nothing to register in advance, and the connecting user's identity rides in their OAuth token.
* **Headless agents (token-based).** An agent with no interactive sign-in connects with an **API access token**. You create a **token-based host** to represent the agent and generate a token for it to present on each call.

## Create a token-based host and generate a token

<Steps>
  <Step title="Create the token-based host">
    In [Apps & Agents](https://app.mcpmanager.ai/settings/hosts), create a **token-based host** and name it for the agent (for example, "Feedback bot"). You do this once, as an administrator.
  </Step>

  <Step title="Start the connection and choose the gateway">
    Generate an API access token for the host and select the gateway it should reach. You're taken through the **same authorization flow** as any connection — confirming the gateway and bringing an identity for each per-user server (see [Connection Experience](/features/connection-experience)).
  </Step>

  <Step title="Copy or download the token">
    On completion MCP Manager issues the **API access token**. Copy or download it **now** — it is shown once — and place it in the agent's secret store. The token is scoped to that **host and its connection to the chosen gateway**, so it only reaches the servers that gateway exposes.
  </Step>
</Steps>

## Revoking and rotating tokens

Revocation is immediate. Revoke a token by deleting it or disabling its host; to **rotate**, generate a new token and update the agent, then remove the old one. Because the token is bound to a specific host and gateway connection, revoking it stops only that agent's access — nothing else is affected.

## Managing connections

Each **connection** is the intersection of a specific host, a specific gateway, and a specific user. From a gateway's **Connections** tab you can see every connection and **disable or enable** any one of them, cutting or restoring that single link without touching the host's other connections.

## Break-glass: cut access instantly

Every layer of a connection carries an `enabled` toggle that is checked on **every request, with no caching**, so disabling one takes effect at once and nothing is deleted in the meantime:

* Disable a **host** to block an entire app or agent.
* Disable a **connection** to sever one host-to-gateway link.
* Disable an **identity**, a **server**, or a whole **gateway** to stop traffic at that scope.

Re-enabling restores access immediately. This is the control you reach for during an incident, an offboarding, or when a vetted agent starts misbehaving — one toggle, effective on the next call.

## Carrying each user's identity through an agent

A single token-based host can serve **many** end users while still using **each user's own downstream credential**: every user enrolls once and brings their identity, MCP Manager mints them a per-user token, and the agent presents the right user's token on each call so the downstream server acts as the real person — fully governed and logged. This advanced pattern, including the runtime sequence, is documented in [Agents that Pass Identities to MCP Manager](/advanced/agents-passing-identities).

## Further reading

<CardGroup cols={2}>
  <Card title="Apps & Agents" icon="robot" href="/mcp-gateway-concepts/apps-and-agents">
    How clients are tracked as hosts and how administrators allow or disable them.
  </Card>

  <Card title="Agents passing identities" icon="id-badge" href="/advanced/agents-passing-identities">
    One agent, many users, each acting as themselves through per-user tokens.
  </Card>

  <Card title="Connection Experience" icon="plug-circle-check" href="/features/connection-experience">
    The shared authorization flow that token-based hosts use to connect.
  </Card>

  <Card title="Authentication & Identity" icon="fingerprint" href="/security/authentication-and-identity">
    How credentials are stored, refreshed, and revoked behind every token.
  </Card>
</CardGroup>
