Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@portkey-admin-mcplist all users in my organization"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Portkey Admin MCP Server
MCP server for Portkey Admin API. 116 tools for prompts, configs, analytics & more.
๐ Contents
๐ Quick Start
Installation Methods
Method | Type | Setup |
| Zero-install | Runs directly via npx |
Self-hosted |
|
npx (Recommended)
PORTKEY_API_KEY=your_key npx -y portkey-admin-mcpclaude mcp add -e PORTKEY_API_KEY=your_key portkey -- npx -y portkey-admin-mcpAdd to your MCP config (.cursor/mcp.json, .windsurf/mcp.json, or .vscode/mcp.json):
{
"mcpServers": {
"portkey": {
"command": "npx",
"args": ["-y", "portkey-admin-mcp"],
"env": {
"PORTKEY_API_KEY": "your_api_key"
}
}
}
}git clone https://github.com/s-b-e-n-s-o-n/portkey-admin-mcp.git
cd portkey-admin-mcp
npm install
npm run buildThen use this config:
{
"mcpServers": {
"portkey": {
"command": "node",
"args": ["/path/to/portkey-admin-mcp/build/index.js"],
"env": {
"PORTKEY_API_KEY": "your_api_key"
}
}
}
}โจ Features
๐ง Tools (116)
Tool | Description |
| List all users in organization |
| Get user details |
| Update user |
| Remove user |
| Invite a new user |
| List pending invites |
| Get invite details |
| Cancel invite |
| Resend invite email |
| Get user statistics |
Tool | Description |
| List all workspaces |
| Get workspace details |
| Create workspace |
| Update workspace |
| Delete workspace |
| Add member to workspace |
| List workspace members |
| Get member details |
| Update member role |
| Remove member |
Tool | Description |
| List gateway configs |
| Get config details |
| Create config |
| Update config |
| Delete config |
| List config version history |
Tool | Description |
| List API keys |
| Create API key |
| Get API key details |
| Update API key |
| Delete API key |
| List virtual keys |
| Create virtual key |
| Get virtual key details |
| Update virtual key |
| Delete virtual key |
Tool | Description |
| List prompt collections |
| Create a collection |
| Get collection details |
| Update collection |
| Delete collection |
Tool | Description |
| List prompts |
| Create a prompt template |
| Get prompt details |
| Update a prompt |
| Delete prompt |
| Publish prompt version |
| List version history |
| Render prompt with variables |
| Execute prompt completion |
| Create-or-update prompt |
| Promote prompt between environments |
| Validate billing metadata |
Tool | Description |
| Create reusable partial |
| List partials |
| Get partial details |
| Update partial |
| Delete partial |
| List partial versions |
| Publish partial version |
Tool | Description |
| Create label |
| List labels |
| Get label details |
| Update label |
| Delete label |
Tool | Description |
| List guardrails |
| Create guardrail |
| Get guardrail details |
| Update guardrail |
| Delete guardrail |
Tool | Description |
| List usage limits |
| Create usage limit |
| Get limit details |
| Update limit |
| Delete limit |
Tool | Description |
| List rate limits |
| Create rate limit |
| Get rate limit details |
| Update rate limit |
| Delete rate limit |
Tool | Description |
| List audit log entries |
Tool | Description |
| Get cost analytics data |
| Request analytics |
| Token usage analytics |
| Latency analytics |
| Error analytics |
| Error rate analytics |
| Per-user analytics |
| Cache hit latency |
| Cache hit rate |
Tool | Description |
| Insert log entry |
| Create log export |
| List exports |
| Get export details |
| Update export |
| Start export job |
| Cancel export |
| Download export |
Tool | Description |
| Create feedback |
| Update feedback |
| Get trace details |
Tool | Description |
| List providers |
| Create provider |
| Get provider details |
| Update provider |
| Delete provider |
Tool | Description |
| List integrations |
| Create integration |
| Get integration details |
| Update integration |
| Delete integration |
| List custom models |
| Update custom models |
| Delete custom model |
| List workspace access |
| Update workspace access |
๐๏ธ Architecture
sequenceDiagram
participant Client as Client (Claude)
participant Transport as MCP Transport<br/>(Stdio or HTTP)
participant Server as MCP Server
participant Facade as PortkeyService
participant Domain as Domain Service<br/>(e.g., UsersService)
participant API as Portkey API
Client->>Transport: Tool invocation request
Transport->>Server: Forward request
Server->>Server: Parse tool name & params
Server->>Facade: Call delegated method
Facade->>Domain: Delegate to domain service
Domain->>API: HTTP GET /users
API-->>Domain: JSON response
Domain-->>Facade: Return typed data
Facade-->>Server: Return data
Server-->>Transport: Tool result
Transport-->>Client: Display result๐ข Deployment
Transports
Transport | Entrypoint | Use Case |
|
| Local CLI tools (Claude Code, Cursor) |
|
| Remote clients, web, production |
MCP_TRANSPORT is retained for compatibility, but transport selection is done by choosing the correct entrypoint.
Session Modes (HTTP)
Mode | Env | Best For | Tradeoff |
Stateful |
| Single-instance always-on services | Session transport state is in memory |
Stateless |
| Autoscaling/serverless (Render scale-out, Vercel, Cloud Run) |
|
Recommended Hosted Defaults (Team Setup)
For shared/team hosting, use:
MCP_SESSION_MODE=statelessMCP_EVENT_STORE=redisMCP_REDIS_URL=...(orREDIS_URL=...)MCP_AUTH_MODE=clerk(orbearerfor internal-only setups)ALLOWED_ORIGINS=https://your-app-domainMCP_READY_CHECK_MODE=portkey
This keeps MCP request handling stateless while preserving stream resumability across instances.
Event Store Modes
Mode | Env | Default | Purpose |
Off |
|
| No resumability store |
Memory |
|
| In-process resumability |
Redis |
| none | Shared resumability across instances |
MCP_EVENT_TTL_SECONDS controls retention (default 3600).
When MCP_EVENT_STORE=redis, the server resolves Redis URL in this order:
MCP_REDIS_URL first, then REDIS_URL.
HTTP Mode
PORTKEY_API_KEY=your_key \
MCP_HOST=0.0.0.0 \
MCP_PORT=3000 \
MCP_SESSION_MODE=stateful \
MCP_EVENT_STORE=off \
MCP_AUTH_MODE=bearer \
MCP_AUTH_TOKEN=replace_with_long_random_secret \
node build/server.jsExposes a single /mcp endpoint with session management via Mcp-Session-Id header.
HTTPS Mode (Native TLS)
PORTKEY_API_KEY=your_key \
MCP_HOST=0.0.0.0 \
MCP_PORT=3443 \
MCP_TLS_KEY_PATH=/etc/ssl/private/server.key \
MCP_TLS_CERT_PATH=/etc/ssl/certs/server.crt \
MCP_AUTH_MODE=clerk \
CLERK_ISSUER=https://your-clerk-domain \
node build/server.jsIf you host behind a platform/load balancer (Vercel, Cloud Run, Fly, Nginx, Cloudflare), leave MCP_TLS_* unset and let the platform terminate HTTPS.
Clerk Auth (HTTP)
PORTKEY_API_KEY=your_key \
MCP_HOST=0.0.0.0 \
MCP_PORT=3000 \
MCP_SESSION_MODE=stateless \
MCP_EVENT_STORE=redis \
MCP_REDIS_URL=redis://localhost:6379 \
MCP_AUTH_MODE=clerk \
CLERK_ISSUER=https://your-clerk-domain \
CLERK_AUDIENCE=your-audience \
node build/server.jsVercel
This repo includes Vercel routing files:
api/index.ts- Vercel function entrypointvercel.json- rewrites/,/mcp,/health,/ready,/auth/infoto that function
Full setup guide (including public-repo security checklist):
Recommended Vercel environment variables:
PORTKEY_API_KEY=...MCP_SESSION_MODE=statelessMCP_EVENT_STORE=redisMCP_REDIS_URL=redis://...MCP_AUTH_MODE=clerk(orbearer)CLERK_ISSUER=https://your-clerk-domain(required whenMCP_AUTH_MODE=clerk)CLERK_AUDIENCE=your-audience(required whenMCP_AUTH_MODE=clerk)ALLOWED_ORIGINS=https://your-app-domainMCP_TRUST_PROXY=trueMCP_READY_CHECK_MODE=portkey
Notes:
Leave
MCP_TLS_*unset on Vercel (Vercel terminates HTTPS).Keep MCP on Streamable HTTP/SSE (Vercel does not support WebSockets).
vercel.jsonsets functionmaxDurationto300; adjust based on your plan limits.For public repos, never commit keys; keep all credentials in Vercel Environment Variables only.
Quick MCP HTTP Test
After starting the HTTP server, run:
npm run test:httpOptional overrides:
MCP_TEST_BASE_URL=https://your-hostMCP_TEST_MCP_URL=https://your-host/mcpMCP_TEST_BEARER_TOKEN=...(orMCP_TEST_AUTH_HEADER='Authorization: Bearer ...')
The script verifies /health, /ready, runs initialize, then runs tools/list.
Docker
docker build -t portkey-admin-mcp .
docker run \
-e PORTKEY_API_KEY=your_key \
-e MCP_HOST=0.0.0.0 \
-e MCP_PORT=3000 \
-e MCP_AUTH_MODE=bearer \
-e MCP_AUTH_TOKEN=replace_with_long_random_secret \
-p 3000:3000 \
portkey-admin-mcpHealth Endpoints
GET /- Web status/auth helper pageGET /auth/info- Auth metadata (auth mode, session mode, event store mode, Clerk config flags, MCP endpoint URL)GET /health- Server statusGET /ready- Readiness state (includes session mode/event store mode, and optional Portkey connectivity whenMCP_READY_CHECK_MODE=portkey)
โ ๏ธ Limitations
Enterprise Features
The following require a Portkey Enterprise plan with Admin API keys:
Analytics (cost, request, token, latency, error, cache, feedback)
Log exports
Audit logs
User management (list users, invites)
Provider creation
Scope-Gated Endpoints (Verified 2026-02-25)
Most 403 responses include Portkey error code AB03 ("not enough permissions").
This indicates missing API key scopes, not broken endpoint paths.
Endpoint Group | Typical Failing Tools | Required Scope(s) |
Users |
|
|
User Invites |
|
|
API Keys |
|
|
Audit Logs |
|
|
Analytics Graphs |
|
|
Analytics Groups |
|
|
Integration Access |
|
|
๐ ๏ธ Development
npm run dev # stdio with hot reload
npm run dev:http # HTTP with hot reload
npm run test:e2e # MCP protocol tests
npm run test:contract # API contract tests
npm run ci # full CI pipeline (lint + typecheck + test + build + verify)Built With
MIT License ยท Inspired by r-huijts/portkey-admin-mcp-server
โ Back to top