Skip to main content
← Documentation

MCP Setup

MCP Setup

MCP (Model Context Protocol) allows external AI tools and applications to connect to your AgentDesk portal securely.

What is MCP?

MCP provides a standardised way for AI-powered tools to interact with your portal's ticket system. With MCP enabled, authorised external applications can read ticket information, post updates, and trigger workflows through a secure connection.

Enabling MCP access

  1. Go to Admin > Settings > MCP Access.
  2. Configure the MCP client settings for your organisation.
  3. Save the settings.

Once enabled, authorised MCP clients can connect to your portal using the OAuth-based authentication flow.

How MCP authentication works

MCP uses OAuth for secure authentication. External applications must:

  1. Be registered as an authorised MCP client
  2. Authenticate through the OAuth flow
  3. Receive a scoped access token

This ensures that only approved applications can access your portal data, and each application only has access to the data it needs.

Use cases

Use caseDescription
AI assistantsConnect AI tools that can read and update tickets on behalf of your team
Automation toolsAllow external automation platforms to interact with your ticket workflows
Custom integrationsBuild custom tools that connect to your portal through a standard protocol

API keys

API keys provide programmatic access to the AgentDesk API for scripts, integrations, and MCP clients.

Creating an API key

  1. Go to Admin > Settings > MCP Access.
  2. Click Create API Key.
  3. Enter a name to identify the key.
  4. Select one or more scopes to control what the key can access.
  5. Optionally restrict the key to a specific portal.
  6. Click Create. Copy the key immediately -- it is only shown once.

API keys use the format noice_sk_live_ followed by a unique token.

Scopes

ScopeWhat it allows
tickets:readRead ticket details, comments, and attachments
tickets:writeCreate and update tickets, add comments
workflows:*Trigger and manage AI workflows
portals:readRead portal configuration and user lists
portals:writeUpdate portal settings
users:readRead user profiles and roles
users:writeInvite users and update roles

Portal restrictions

When creating a key, you can restrict it to a single portal. A restricted key can only access data within that portal. Keys without a portal restriction can access all portals in the organisation.

Revoking a key

To revoke an API key:

  1. Go to Admin > Settings > MCP Access.
  2. Find the key in the list and click Revoke.
  3. Confirm the action.

Revoked keys stop working immediately. This cannot be undone.

Device flow authentication

For MCP clients running on devices without a browser (such as CLI tools or headless servers), AgentDesk supports the OAuth 2.0 device authorisation flow:

  1. The MCP client requests a device code from AgentDesk.
  2. The user is shown a URL and a code to enter.
  3. The user opens the URL in a browser, signs in, and enters the code.
  4. Once approved, the MCP client receives an access token.

This flow allows MCP clients to authenticate securely without handling user credentials directly.

Security

  • MCP connections are authenticated and scoped
  • All communication uses encrypted HTTPS
  • Access can be revoked at any time from the MCP settings page
  • Activity is logged for auditing