Scopes

Scopes control what an MCP API key is allowed to do. Each scope grants access to a set of tools, grouped by risk level and platform.

How Scopes Work

When you create an MCP key, you assign it one or more scopes. The key can only access tools within those scopes. Requests outside the allowed scopes return a 403 Forbidden error.

Available Scopes

| Scope | Access Level | Description |
|-------|--------------|-------------|
| read  | Read         | Read-only tools — list, get, search operations |
| write | Write        | Create and update operations (includes read) |
| admin | Admin        | Full access including delete operations (includes read + write) |

Platform-Specific Scopes

Scopes can be narrowed to specific platforms:

tape:read      — Read-only access to Tape tools
podio:write    — Read + write access to Podio tools
sharefile:admin — Full access to ShareFile tools

Combining Scopes

Scopes are additive. A key with tape:write and podio:read can create records in Tape but only read data from Podio.

Principle of least privilege: Start with read scopes and only add write or admin when needed.
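
The scope rules above, written out as an authorization check. This is an added example, not the service's own code: the function names are hypothetical, and it assumes an unprefixed scope such as read applies to every platform and that each tool call carries a platform and a required access level.

```python
# Added example: not the service's implementation. All names are hypothetical.
from http import HTTPStatus

# Access levels from the table; a higher level includes every lower one.
LEVELS = {"read": 1, "write": 2, "admin": 3}
PLATFORMS = {"tape", "podio", "sharefile"}  # platforms named on this page


def parse_scope(scope):
    """Return (platform or None, level rank); reject anything malformed."""
    platform, sep, level = scope.rpartition(":")
    if level not in LEVELS:
        raise ValueError(f"unknown access level in scope {scope!r}")
    if sep and platform not in PLATFORMS:
        raise ValueError(f"unknown platform in scope {scope!r}")
    return (platform or None, LEVELS[level])


def effective_level(key_scopes, platform):
    """Highest level the key holds on `platform`; scopes are additive."""
    best = 0
    for scope in key_scopes:
        scope_platform, rank = parse_scope(scope)
        # Assumption: an unprefixed scope applies to every platform.
        if scope_platform is None or scope_platform == platform:
            best = max(best, rank)
    return best


def authorize(key_scopes, platform, required):
    """Return 200 if the key may call a tool needing `required`, else 403."""
    try:
        allowed = effective_level(key_scopes, platform) >= LEVELS[required]
    except (KeyError, ValueError):
        allowed = False  # fail closed on malformed scopes or unknown levels
    return HTTPStatus.OK if allowed else HTTPStatus.FORBIDDEN


if __name__ == "__main__":
    # Constructed sample key matching the "Combining Scopes" case.
    key = ["tape:write", "podio:read"]
    for platform, required in [("tape", "write"), ("podio", "write"),
                               ("sharefile", "read")]:
        print(platform, required, int(authorize(key, platform, required)))
```

A scope string that does not parse denies the whole request rather than being skipped, so a typo in a key's scope list cannot widen its access.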