Kaltura MCP Server

A Model Context Protocol (MCP) server that provides secure, read-only tools for managing Kaltura API operations. This server enables AI assistants to search, discover, and analyze Kaltura media content safely.

Features

Media Discovery: Search and browse media entries with advanced filtering
Content Analysis: Access captions, transcripts, and attachment content
Category Management: Browse and explore content categories
Analytics: Retrieve viewing analytics and performance metrics
Secure Access: Read-only operations with comprehensive input validation
Session Management: Automatic session handling with configurable expiry

Installation

Clone this repository:

git clone https://github.com/zoharbabin/kaltura-mcp.git
cd kaltura-mcp

Install dependencies:

pip install -e .

Usage Modes

This server supports two deployment modes:

🔧 Local MCP Server (Stdio Mode)

Best for: Personal use, direct Claude Desktop integration, development

🌐 Remote MCP Server (HTTP/SSE Mode)

Best for: Hosted services, multiple users, production deployments

Local MCP Server Setup (Claude Desktop)

Step 1: Install Package

pip install kaltura-mcp

Step 2: Setup Environment Configuration

🔒 Secure Method (Recommended): Use the interactive setup script:

# Navigate to your project directory
cd /path/to/kaltura-mcp

# Run the interactive setup
python setup_env.py

The script will guide you through:

Choosing between stdio (local) or remote mode
Securely entering your Kaltura credentials
Generating a .env file with proper permissions (600)
Providing the exact Claude Desktop configuration

📋 Manual Method: Copy and edit the example file:

# Copy the example file
cp .env.example .env

# Edit with your credentials
# - For stdio mode: Only fill in KALTURA_* variables
# - For remote mode: Fill in JWT_SECRET_KEY, OAUTH_*, and SERVER_* variables
nano .env

# Set secure permissions
chmod 600 .env

Step 3: Get Your Kaltura Credentials

You'll need these credentials from your Kaltura account:

Service URL: Your Kaltura server URL (usually https://cdnapisec.kaltura.com)
Partner ID: Your numeric partner ID (found in KMC → Settings → Integration Settings)
Admin Secret: Your API admin secret key (found in KMC → Settings → Integration Settings)
User ID: Your Kaltura user ID (usually your email or admin)

Step 4: Configure Claude Desktop

Open your Claude Desktop configuration file:

macOS: ~/Library/Application\ Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

🔒 Secure Configuration (credentials in .env file):

{
  "mcpServers": {
    "kaltura": {
      "command": "/full/path/to/kaltura-mcp"
    }
  }
}

Important Notes:

Replace /full/path/to/kaltura-mcp with the actual path to your kaltura-mcp command (find it with which kaltura-mcp)
The .env file is automatically loaded from the project directory by the server
The setup_env.py script will automatically detect and provide the correct command path

Step 5: Restart Claude Desktop

After saving the configuration file, restart Claude Desktop completely for the changes to take effect.

Step 6: Test the Integration

In Claude Desktop, try asking:

"Search for recent Kaltura videos"
"List my Kaltura categories"
"Find videos about [topic] in my Kaltura account"

Troubleshooting Local Setup

Issue: kaltura-mcp command not found

Solution: Make sure you installed with pip install kaltura-mcp and the command is in your PATH

Issue: "Error: Missing required environment variables"

Solution:
1. Check that .env file exists in your project directory
2. Verify file permissions: ls -la .env (should show -rw-------)
3. Ensure all required Kaltura credentials are set in .env file

Issue: "Invalid credentials" or "Authentication failed"

Solution:
1. Verify your credentials in Kaltura KMC → Settings → Integration Settings
2. Check .env file for typos or extra spaces
3. Run python setup_env.py to recreate the configuration

Issue: Claude Desktop doesn't show the MCP server

Solution:
1. Check the config file syntax with a JSON validator
2. Verify the command path is correct (use which kaltura-mcp)
3. Restart Claude Desktop completely
4. Check Claude Desktop logs for error messages

Issue: ".env file not found" error

Solution:
1. Run python setup_env.py from your project directory
2. Ensure the .env file exists in the same directory as the server code
3. Check file permissions: ls -la .env (should show -rw-------)

✅ Security Benefits:

✅ Secure file permissions (600 - owner only)
✅ Git-ignored by default (won't be committed)
✅ Local to project directory (easy to manage)
✅ Standard .env pattern (familiar to developers)
✅ No credentials in config files (improved security)

Remote MCP Server Setup

Configuration

For remote/hosted deployment, additional environment variables are required:

cp .env.example .env
# Configure remote server settings

Required environment variables:

JWT_SECRET_KEY: Strong secret key for JWT token signing (⚠️ CRITICAL FOR SECURITY)
OAUTH_REDIRECT_URI: OAuth callback URL (e.g., https://your-domain.com/oauth/callback)
SERVER_HOST: Server bind address (default: 0.0.0.0)
SERVER_PORT: Server port (default: 8000)

Optional environment variables:

SERVER_RELOAD: Enable auto-reload in development (default: false)
OAUTH_CLIENT_ID: Custom OAuth client ID
OAUTH_CLIENT_SECRET: Custom OAuth client secret

Running Remote Server

# Using the installed command
kaltura-mcp-remote

# Or using Python module
python -m kaltura_mcp.remote_server

The remote server provides:

HTTP/SSE transport for MCP protocol
JWT-based authentication for secure credential management
Web-based authorization flow for user-friendly setup
Multi-tenant support for hosting as a service

Available Tools

get_media_entry - Get detailed information about a specific media entry
- Parameters: entry_id (required)
list_categories - List and search content categories
- Parameters: search_text, limit
Analytics Tools - Comprehensive analytics suite with purpose-driven functions:
- get_analytics - General analytics data for reporting and analysis
- get_analytics_timeseries - Time-series data optimized for charts
- get_video_retention - Detailed viewer retention analysis throughout videos
- get_realtime_metrics - Live analytics updated every ~30 seconds
- get_quality_metrics - Quality of Experience (QoE) and streaming performance
- get_geographic_breakdown - Location-based analytics at various granularities
- list_analytics_capabilities - Discover all available analytics functions
- See Analytics Guide for detailed usage
get_download_url - Get direct download URL for media files
- Parameters: entry_id (required), flavor_id
get_thumbnail_url - Get video thumbnail/preview image URL with custom dimensions
- Parameters: entry_id (required), width, height, second
search_entries - Search and discover media entries with intelligent sorting and filtering
- Parameters: query (required), search_type, match_type, specific_field, boolean_operator, include_highlights, custom_metadata, date_range, max_results, sort_field, sort_order
list_caption_assets - List available captions and subtitles for a media entry
- Parameters: entry_id (required)
get_caption_content - Get caption/subtitle content and download URL
- Parameters: caption_asset_id (required)
list_attachment_assets - List attachment assets for a media entry
- Parameters: entry_id (required)
get_attachment_content - Get attachment content details and download content as base64
- Parameters: attachment_asset_id (required)

Prompts

The server provides intelligent prompts to guide users through complex workflows:

analytics_wizard - Interactive guide for creating comprehensive analytics reports
Arguments: - analysis_goal: What to analyze (e.g., "video performance", "viewer engagement", "geographic reach") - time_period: Time range (e.g., "today", "yesterday", "last_week", "last_month")
content_discovery - Natural language search assistant for finding media
Arguments: - search_intent: What you're looking for in natural language - include_details: Whether to fetch captions/attachments (yes/no)
accessibility_audit - Content accessibility compliance checker
Arguments: - audit_scope: What to audit ("all", "recent", "category:name", or entry_id)
retention_analysis - Create comprehensive retention analysis report
Arguments: - entry_id: Video to analyze (e.g., "1_3atosphg") [required] - time_period: Months of data to analyze (default: "12") - output_format: "interactive" (HTML) or "markdown" (default: "interactive")

Resources

The server exposes frequently-used data as cached resources:

kaltura://analytics/capabilities - Complete analytics documentation
- All 60+ report types with descriptions
- Available metrics and dimensions
- Best practices for different use cases
- Cached for 30 minutes
kaltura://categories/tree - Category hierarchy with entry counts
- Complete category tree structure
- Entry counts per category
- Parent-child relationships
- Cached for 30 minutes
kaltura://media/recent/{count} - Recent media entries
- Replace {count} with number of entries (e.g., kaltura://media/recent/20)
- Maximum 100 entries
- Includes basic metadata
- Cached for 5 minutes

Remote MCP Server (Advanced)

User Authorization Flow

Server Deployment: Deploy the remote server to your hosting environment
User Authorization: Users visit https://your-server.com/oauth/authorize
Credential Entry: Users securely enter their Kaltura credentials via web form
Token Generation: Server generates a JWT token with encrypted credentials
Client Configuration: Users add the server URL and token to their MCP client

Step-by-Step Remote Setup

1. Generate Secure JWT Secret

# Generate a strong secret key
python -c "import secrets; print(secrets.token_urlsafe(32))"

2. Configure Environment

# Set in your .env file or environment
JWT_SECRET_KEY=your-generated-secret-key-here
OAUTH_REDIRECT_URI=https://your-domain.com/oauth/callback
SERVER_HOST=0.0.0.0
SERVER_PORT=8000

3. Deploy Server

Option A: Direct Python

kaltura-mcp-remote

Option B: Docker

docker-compose up -d

Option C: Production with Gunicorn (Optional)

# Install gunicorn separately if needed for production
pip install gunicorn
gunicorn -w 4 -k uvicorn.workers.UvicornWorker kaltura_mcp.remote_server:app

4. User Onboarding

Send users to: https://your-server.com/oauth/authorize?response_type=code&client_id=kaltura-mcp&redirect_uri=https://your-server.com/oauth/callback&state=user123

5. Client Configuration

For Claude Desktop (Remote Mode):

The easiest way to use the remote server with Claude Desktop is via the proxy client:

{
  "mcpServers": {
    "kaltura-remote": {
      "command": "kaltura-mcp-proxy",
      "env": {
        "KALTURA_REMOTE_SERVER_URL": "https://your-server.com/mcp/messages",
        "KALTURA_REMOTE_ACCESS_TOKEN": "your-jwt-token-from-authorization-flow"
      }
    }
  }
}

The proxy client (kaltura-mcp-proxy) acts as a local stdio MCP server that forwards requests to your remote server. This provides the best compatibility with Claude Desktop.

For Custom MCP Clients:

// HTTP transport with authentication
const transport = new HTTPTransport({
  baseUrl: "https://your-server.com/mcp/messages",
  headers: {
    "Authorization": "Bearer user-jwt-token-here"
  }
});

Analytics Documentation

The MCP server provides a comprehensive analytics suite with purpose-driven functions optimized for different use cases:

Purpose-Built Analytics Functions:

get_analytics: Comprehensive reporting data in table format for detailed analysis
get_analytics_timeseries: Time-series data optimized for charts and visualizations
get_video_retention: Detailed viewer retention curves showing exactly where viewers drop off
get_realtime_metrics: Live analytics updated every ~30 seconds for monitoring
get_quality_metrics: Quality of Experience (QoE) metrics for streaming performance
get_geographic_breakdown: Location-based analytics at country, region, or city level

Analytics Capabilities:

60+ report types covering content, users, geography, platforms, and more
Raw data access for custom analysis and visualization
Intelligent insights including drop-off points and engagement patterns
Support for filtering by date ranges, categories, users, and dimensions

For comprehensive documentation, see:

Analytics Guide - Complete reference for all analytics functions
Analytics Examples - Code examples and visualizations

Security Considerations

Production Deployment

Use HTTPS: Always deploy with TLS/SSL certificates
Secure JWT Secret: Use a cryptographically strong secret key (32+ bytes)
Environment Security: Never commit secrets to version control
Network Security: Use firewalls and VPN access where appropriate
Regular Updates: Keep dependencies updated for security patches

JWT Token Security

Token Expiration: Tokens expire after 24 hours by default
Credential Encryption: Kaltura credentials are encrypted within JWT payload
Scope Limitation: Tokens are limited to read-only Kaltura operations
Revocation: Restart server to invalidate all existing tokens

Infrastructure

# Example nginx configuration for production
server {
    listen 443 ssl;
    server_name your-kaltura-mcp.com;
    
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    
    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Docker Deployment

docker-compose.yml for production:

version: '3.8'
services:
  kaltura-mcp:
    build: .
    ports:
      - "8000:8000"
    environment:
      - JWT_SECRET_KEY=${JWT_SECRET_KEY}
      - OAUTH_REDIRECT_URI=https://your-domain.com/oauth/callback
      - SERVER_HOST=0.0.0.0
      - SERVER_PORT=8000
    restart: unless-stopped
    volumes:
      - ./logs:/app/logs
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.kaltura-mcp.rule=Host(\`your-domain.com\`)"
      - "traefik.http.routers.kaltura-mcp.tls=true"

Monitoring & Logging

The remote server provides built-in logging and can be monitored via:

Health Check: GET / returns server status
Metrics: Access logs via Docker volumes or server logs
Error Tracking: Configure external error tracking services

Important Security Notes

Local Mode Security (Recommended)

✅ Direct Configuration - Credentials configured directly in Claude Desktop
✅ MCP Standard Compliance - Client passes credentials to server via environment variables
✅ Process Isolation - MCP server runs in isolated process with limited scope
✅ No network exposure - Direct API communication with Kaltura
✅ Local credential storage - Credentials never leave your machine
✅ Secure transmission - Credentials passed securely to MCP server process

Remote Mode Security

✅ Credential encryption - Kaltura credentials encrypted in JWT tokens
✅ Token expiration - Automatic 24-hour token expiry
✅ TLS encryption - HTTPS required for production
⚠️ Server trust - You must trust the remote server operator
⚠️ Credential transmission - Credentials are sent to remote server (encrypted)

Production Checklist

Use HTTPS with valid certificates
Generate strong JWT secret key (32+ bytes)
Configure secure environment variables
Set up proper logging and monitoring
Implement rate limiting (nginx/cloudflare)
Regular security updates
Backup and disaster recovery plan

Deployment Architectures

Personal Use (Recommended)

Claude Desktop ←→ Local MCP Server ←→ Kaltura API

Small Team

Claude Desktop ←→ Proxy Client ←→ Remote MCP Server ←→ Kaltura API

Enterprise

Multiple Clients ←→ Load Balancer ←→ Multiple MCP Servers ←→ Kaltura API
                                          ↓
                                    Redis/Database

Documentation

Analytics Guide - Comprehensive guide to analytics features
Prompts and Resources - Detailed documentation of MCP prompts and resources
API Documentation - Official Kaltura API documentation

Development

Running Tests

pytest

Code Formatting

black src/
ruff check src/

License

MIT

Install Server

HTTP connection URL

security – no known vulnerabilities

license - permissive license

quality - confirmed to work

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Tools

View all tools

An implementation of the Model Context Protocol that provides AI models with standardized access to Kaltura's media management capabilities including uploading, retrieving metadata, searching, and managing categories and permissions.

Related MCP Servers

MCP Base
jsmiff
-
security
F
license
-
quality
A generic Model Context Protocol framework for building AI-powered applications that provides standardized ways to create MCP servers and clients for integrating LLMs with support for Ollama and Supabase.
Last updated -
TypeScript
MCP Server
GobinFan
A
security
F
license
A
quality
Implements the Model Context Protocol (MCP) to provide AI models with a standardized interface for connecting to external data sources and tools like file systems, databases, or APIs.
Last updated -
1
132
Python
MCP Toolkit
zxfgds
-
security
F
license
-
quality
A comprehensive Model Context Protocol server implementation that enables AI assistants to interact with file systems, databases, GitHub repositories, web resources, and system tools while maintaining security and control.
Last updated -
3
1
TypeScript
RL-MCP
rlefko
-
security
F
license
-
quality
A Model Context Protocol server that provides AI models with structured access to external data and services, acting as a bridge between AI assistants and applications, databases, and APIs in a standardized, secure way.
Last updated -
2
Python

View all related MCP servers