<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[How do I allow access to FusionAuth using agents?]]></title><description><![CDATA[<p dir="auto">how would I use the <a href="https://fusionauth.io/docs/get-started/download-and-install/development/mcp-server" rel="nofollow ugc">FusionAuth MCP server</a> to allow an agent to interact with FusionAuth?</p>
]]></description><link>https://fusionauth.io/community/forum/topic/3138/how-do-i-allow-access-to-fusionauth-using-agents</link><generator>RSS for Node</generator><lastBuildDate>Wed, 08 Jul 2026 01:05:21 GMT</lastBuildDate><atom:link href="https://fusionauth.io/community/forum/topic/3138.rss" rel="self" type="application/rss+xml"/><pubDate>Tue, 07 Jul 2026 13:07:43 GMT</pubDate><ttl>60</ttl><item><title><![CDATA[Reply to How do I allow access to FusionAuth using agents? on Tue, 07 Jul 2026 13:17:48 GMT]]></title><description><![CDATA[<p dir="auto">Here are two scenarios for using the FusionAuth <a href="https://fusionauth.io/docs/get-started/download-and-install/development/mcp-server" rel="nofollow ugc">API MCP Server</a>, which is an MCP server that connects over STDIO and can be used to configure a FusionAuth instance.</p>
<ul>
<li>Local development — letting an agent configure FusionAuth and recording the steps for later automation</li>
<li>Production read-only — using an agent to safely query a production instance</li>
</ul>
<p dir="auto"><img src="https://fusionauth.io/community/forum/assets/plugins/nodebb-plugin-emoji/emoji/android/26a0.png?v=rcgg4tg866g" class="not-responsive emoji emoji-android emoji--warning" style="height:23px;width:auto;vertical-align:middle" title=":warning:" alt="⚠" /> Preview Warning: The FusionAuth MCP server is a preview release and may break, change, or be discontinued. It is intended for development and test instances. Never give an MCP client unrestricted access to a production instance.</p>
<h3>Prerequisites</h3>
<ul>
<li>A running FusionAuth instance (local or remote)</li>
<li>Node.js installed</li>
<li>An MCP-compatible client (e.g., Claude Desktop)</li>
</ul>
<h3>Scenario 1: Local Development</h3>
<p dir="auto">This lets you configure FusionAuth and record steps to apply to other instances.</p>
<ul>
<li>Create a read-write API key. In your local FusionAuth instance, <a href="https://fusionauth.io/docs/apis/authentication#managing-api-keys" rel="nofollow ugc">create an API key</a> with the permissions you need. For full configuration work, you may want broad permissions, but always follow the principle of least privilege — for example, if you're only working with applications and themes, grant only those permissions.</li>
<li>Configure your MCP client. For Claude Desktop on macOS, edit ~/Library/Application Support/Claude/claude_desktop_config.json to add the FusionAuth MCP server. Since you want full configuration access, omit the USE_TOOLS restriction (note: you'll need a model that can handle ~200k tokens):</li>
</ul>
<pre><code>{
  "mcpServers": {
    "fusionauth-mcp-api": {
      "command": "npx",
      "args": [
        "@fusionauth/mcp-api"
      ],
      "env": {
        "API_KEY_APIKEYAUTH": "&lt;your-read-write-api-key&gt;",
        "API_BASE_URL": "http://localhost:9011"
      }
    }
  }
}
</code></pre>
<p dir="auto">Restart Claude Desktop after saving.</p>
<ul>
<li>Verify the connection. Open Claude Desktop and ask:</li>
</ul>
<p dir="auto">"Which tools do you have access to?"</p>
<p dir="auto">You should see a list of all FusionAuth API tools (300+).</p>
<ul>
<li>Configure FusionAuth using natural language. Now you can describe what you want in plain English. For example:</li>
</ul>
<p dir="auto">"Set up a custom registration form for the Pied Piper application. Require email address and password, but allow first name and favorite color to be optional. Put them all on one page."</p>
<p dir="auto">Or:</p>
<p dir="auto">"Add a user with an email address of <code>test@example.com</code> and a password of <code>password</code>."</p>
<p dir="auto">The agent will make the appropriate API calls on your behalf.</p>
<ul>
<li>Export your configuration for automation. Once you've configured things the way you want, ask the agent to export the configuration so you can turn it into repeatable scripts:</li>
</ul>
<p dir="auto">"Please export the configuration for the Pied Piper application to a kickstart file."</p>
<p dir="auto">"Export the current tenant configuration as a Terraform file."</p>
<p dir="auto">This gives you a reproducible artifact you can commit to source control or use in CI/CD pipelines.</p>
<p dir="auto">You can reduce tool scope. If you only need to work with specific operations (e.g., no deletes), you can reduce the tool list to improve performance and limit risk:</p>
<pre><code>"env": {
  "API_KEY_APIKEYAUTH": "&lt;your-api-key&gt;",
  "API_BASE_URL": "http://localhost:9011",
  "USE_TOOLS": "create,update,retrieve,search,other"
}
</code></pre>
<p dir="auto">This omits the delete APIs and reduces the tool list by ~20%.</p>
<h3>Scenario 2: Production Read-Only Queries with an Agent</h3>
<p dir="auto">The security model of this approach consists of three layers: the instance you connect to, the tool categories you expose, and the permissions on the API key itself. Combining a read-only API key with USE_TOOLS="retrieve,search" gives you defense in depth for production queries.</p>
<ul>
<li>Create a read-only API key. In your production FusionAuth instance, create an API key scoped to read-only operations only. This is the most important security step — the API key defines the ceiling of what the agent can do.</li>
<li>Configure your MCP client with read-only tools. Edit your MCP client config to point at your production instance and restrict tools to retrieve and search only:</li>
</ul>
<pre><code>{
  "mcpServers": {
    "fusionauth-mcp-api-prod": {
      "command": "npx",
      "args": [
        "@fusionauth/mcp-api"
      ],
      "env": {
        "API_KEY_APIKEYAUTH": "&lt;your-read-only-api-key&gt;",
        "API_BASE_URL": "https://your-production-fusionauth-instance.com",
        "USE_TOOLS": "retrieve,search"
      }
    }
  }
}
</code></pre>
<p dir="auto">Setting USE_TOOLS="retrieve,search" reduces the tool list by 66% and ensures the agent cannot create, update, patch, or delete anything. This is a second layer of defense.</p>
<ul>
<li>Verify read-only access. Ask the agent:</li>
</ul>
<p dir="auto">"Which tools do you have access to?"</p>
<p dir="auto">Confirm that only retrieve and search tools are listed — no create, update, delete, or patch tools should appear.</p>
<ul>
<li>
<p dir="auto">Query production data. You can now safely ask questions like:</p>
<ul>
<li>"Is PKCE enforced for all my applications?"</li>
<li>"How many users do I have in my FusionAuth instance?"</li>
<li>"How many FusionAuth applications do I have?"</li>
</ul>
</li>
</ul>
<p dir="auto">The agent will use the read-only API tools to answer your questions without modifying anything.</p>
]]></description><link>https://fusionauth.io/community/forum/post/8613</link><guid isPermaLink="true">https://fusionauth.io/community/forum/post/8613</guid><dc:creator><![CDATA[dan]]></dc:creator><pubDate>Tue, 07 Jul 2026 13:17:48 GMT</pubDate></item></channel></rss>