BoldDesk MCP Server Authentication
The BoldDesk MCP Server uses API key-based authentication to securely validate and authorize requests from MCP-compatible clients. This authentication model ensures that only authorized users and applications can access and perform actions within your BoldDesk account.
How Authentication Works
Authentication is handled through BoldDesk API keys, providing a secure and reliable way to connect AI assistants, development tools, and automation workflows to the BoldDesk MCP Server.
When a client connects to the MCP Server:
- Every request must include a valid BoldDesk API key.
- The API key identifies the authenticated user.
- Access permissions are automatically enforced based on the user’s assigned roles and permissions.
- All actions are performed within the context of the authenticated user’s account.
This ensures that AI agents can only access resources and perform operations that the authenticated user is authorized to use.
User Scope and Permissions
The MCP Server respects all existing BoldDesk permission controls.
Based on the authenticated API key, AI agents can access only the resources available to that user, including:
- Brands
- Tickets
- Forms
- Groups
- Agents
- Approval workflows
- Other account-specific resources
Any actions performed through the MCP Server follow the same permission boundaries enforced within the BoldDesk application.
Configure Authentication
Follow these steps to authenticate your MCP client with the BoldDesk MCP Server.
Step 1: Generate an API Key
Generate an API key from your BoldDesk profile settings.
The API key will be used to authenticate requests between your MCP client and the BoldDesk MCP Server.
Step 2: Configure Your MCP Client
Add the API key to your MCP client configuration.
Supported clients include:
- Claude
- ChatGPT
- GitHub Copilot
- Code Studio
- Other MCP-compatible clients
Each client uses its own configuration method, but all require the same API key for authentication.
Step 3: Include the API Key in Requests
Ensure that your client's authentication configuration sends the API key with every MCP request.
The MCP Server validates the key before processing any tool calls or actions.
Security Best Practices
To keep your BoldDesk account secure, follow these recommendations:
- Store API keys securely.
- Never expose API keys in client-side applications or public repositories.
- Avoid sharing API keys with unauthorized users.
- Rotate API keys periodically according to your organization’s security policies.
- Revoke and regenerate compromised keys immediately.
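To check the recommendation against exposing API keys in public repositories before an MCP client configuration is committed, the following added example (not BoldDesk code) scans a configuration for credential-like fields that hold literal values instead of variable references. The `mcpServers` layout, the `x-api-key` header name, the `${VAR}` reference syntax, and all sample values are assumptions; adjust them to the client you use.

```python
import json
import re

# Key names that usually hold credentials (assumption; extend for your clients).
SECRET_KEY = re.compile(r"(api[-_]?key|token|secret|authorization)", re.I)
# Values that defer to the environment or a prompt instead of embedding the key.
REFERENCE = re.compile(r"^\s*(Bearer\s+)?\$\{[A-Za-z_][\w:.-]*\}\s*$")

def find_inline_secrets(node, path=""):
    """Return JSON paths whose credential-like keys hold literal values."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, str) and SECRET_KEY.search(key):
                if value and not REFERENCE.match(value):
                    findings.append(child)
            else:
                findings.extend(find_inline_secrets(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(find_inline_secrets(item, f"{path}[{i}]"))
    return findings

# Constructed sample: server names, URL, header and variable names are placeholders.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "helpdesk-inline": {
      "url": "https://mcp.example.invalid/mcp",
      "headers": {"x-api-key": "EXAMPLE-NOT-A-REAL-KEY-0000"}
    },
    "helpdesk-env": {
      "url": "https://mcp.example.invalid/mcp",
      "headers": {"x-api-key": "${BOLDDESK_API_KEY}"}
    },
    "helpdesk-stdio": {
      "command": "example-mcp-bridge",
      "env": {"API_TOKEN": "EXAMPLE-NOT-A-REAL-TOKEN", "LOG_LEVEL": "info"}
    }
  }
}
""")

if __name__ == "__main__":
    for hit in find_inline_secrets(SAMPLE_CONFIG):
        print("literal credential in config:", hit)
```

Run it as a pre-commit check over the configuration files you keep in version control; a non-empty result means a key is embedded in the file and should be moved out and rotated.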
Important Notes
- Access permissions are determined entirely by the API key being used.
- The MCP Server does not grant additional privileges beyond those assigned to the authenticated user.
- All interactions, actions, and data access are restricted to the authenticated user’s scope, including brands, forms, roles, and associated permissions.
- Requests made with invalid or expired API keys will be rejected.
By using API key-based authentication, the BoldDesk MCP Server provides a secure and controlled way for AI agents and MCP-compatible clients to interact with your support environment.