Category

BoldDesk MCP Server Authentication

Updated:

The BoldDesk MCP Server uses API key-based authentication to securely validate and authorize requests from MCP-compatible clients. This authentication model ensures that only authorized users and applications can access and perform actions within your BoldDesk account.

How Authentication Works

Authentication is handled through BoldDesk API keys, providing a secure and reliable way to connect AI assistants, development tools, and automation workflows to the BoldDesk MCP Server.

When a client connects to the MCP Server:

  • Every request must include a valid BoldDesk API key.
  • The API key identifies the authenticated user.
  • Access permissions are automatically enforced based on the user’s assigned roles and permissions.
  • All actions are performed within the context of the authenticated user’s account.

This ensures that AI agents can only access resources and perform operations that the authenticated user is authorized to use.

User Scope and Permissions

The MCP Server respects all existing BoldDesk permission controls.

Based on the authenticated API key, AI agents can access only the resources available to that user, including:

  • Brands
  • Tickets
  • Forms
  • Groups
  • Agents
  • Approval workflows
  • Other account-specific resources

Any actions performed through the MCP Server follow the same permission boundaries enforced within the BoldDesk application.

Configure Authentication

Follow these steps to authenticate your MCP client with the BoldDesk MCP Server.

Step 1: Generate an API Key

Generate an API key from your BoldDesk profile settings.

The API key will be used to authenticate requests between your MCP client and the BoldDesk MCP Server.

Step 2: Configure Your MCP Client

Add the API key to your MCP client configuration.

Supported clients include:

  • Claude
  • ChatGPT
  • GitHub Copilot
  • Code Studio
  • Other MCP-compatible clients

Each client uses its own configuration method, but all require the same API key for authentication.

Step 3: Include the API Key in Requests

Ensure that all MCP requests include the API key as part of the authentication configuration.

The MCP Server validates the key before processing any tool calls or actions.

Security Best Practices

To keep your BoldDesk account secure, follow these recommendations:

  • Store API keys securely.
  • Never expose API keys in client-side applications or public repositories.
  • Avoid sharing API keys with unauthorized users.
  • Rotate API keys periodically according to your organization’s security policies.
  • Revoke and regenerate compromised keys immediately.

Important Notes

  • Access permissions are determined entirely by the API key being used.
  • The MCP Server does not grant additional privileges beyond those assigned to the authenticated user.
  • All interactions, actions, and data access are restricted to the authenticated user’s scope, including brands, forms, roles, and associated permissions.
  • Requests made with invalid or expired API keys will be rejected.

By using API key-based authentication, the BoldDesk MCP Server provides a secure and controlled way for AI agents and MCP-compatible clients to interact with your support environment.

Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Comments (0)
Access denied
Access denied
Access denied
Access denied

No articles or sections found
No articles or sections found