Kimai MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Kimai MCP Serverstart a timer for the website redesign project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Kimai MCP Server
A comprehensive Model Context Protocol (MCP) server for integrating with the Kimai time-tracking API. This server allows AI assistants like Claude to efficiently interact with Kimai instances to manage time tracking, projects, activities, customers, users, teams, absences, and more.
🚀 Quick Start
Local Installation (Single User)
# Install from PyPI
pip install kimai-mcp
# Run with your Kimai credentials
kimai-mcp --kimai-url=https://your-kimai.com --kimai-token=your-token
# Or use the interactive setup wizard
kimai-mcp --setup🌐 Remote Server Deployment (Recommended for Teams)
For enterprise/team environments: Deploy the server once and let all users connect remotely!
Server Types
Server | Command | Best For |
Local |
| Claude Desktop, single user, development |
Streamable HTTP |
| Claude.ai Connectors (web/mobile), teams |
SSE Server |
| Deprecated — do not use (see below) |
Deprecation notice: The SSE server (
kimai-mcp-server) is deprecated and not functional (the SSE transport was removed from the MCP specification). It prints a startup warning. Use the Streamable HTTP server (kimai-mcp-streamable) instead.
Quick Start with Docker (Streamable HTTP + OAuth)
Since v2.12.0 the Streamable HTTP server includes an OAuth 2.1 authorization server. Users authenticate with a user slug and a per-user auth_secret instead of a secret URL.
# 1. Generate a random slug and an auth_secret per user
python -c "import secrets; print(secrets.token_urlsafe(16))" # slug
python -c "import secrets; print(secrets.token_urlsafe(32))" # auth_secret
# 2. Create config file
mkdir config
cat > config/users.json << 'EOF'
{
"xK9mP2qW7vL4aB8c": {
"kimai_url": "https://your-kimai.com",
"kimai_token": "your-api-token",
"auth_secret": "long-random-oauth-login-secret"
}
}
EOF
# 3. Start server
docker-compose up -dSecurity Warning: Use random slugs, NOT usernames! The server warns at startup about low-entropy slugs (shorter than 16 characters or plain lowercase words). Slugs may only contain letters, digits,
-and_.
Claude.ai Connectors Integration (OAuth)
The Streamable HTTP server works with Claude.ai custom connectors:
Set an
auth_secretfor each user inusers.json(see above)Run the server behind an HTTPS reverse proxy:
kimai-mcp-streamable \ --users-config ./config/users.json \ --public-url https://mcp.example.com \ --trusted-proxy 127.0.0.1 \ --oauth-state-file ./config/oauth_clients.json \ --disable-legacy-slugsIn Claude.ai: Settings → Connectors → Add custom connector
Enter URL:
https://mcp.example.com/mcp(no slug in the URL)Claude.ai registers itself automatically (Dynamic Client Registration). When connecting, a login page appears — enter your user slug and
auth_secret.
Access tokens are valid for 1 hour and refreshed automatically (refresh tokens up to 30 days). Tokens are kept in memory, so users must reconnect after a server restart.
Legacy endpoints: The previous per-user URLs /mcp/{slug} still work but are deprecated. Migrate to the OAuth endpoint /mcp and start the server with --disable-legacy-slugs.
OIDC federated login (optional)
Instead of the built-in slug + auth_secret form, the Streamable HTTP server can delegate user authentication to any standard OpenID Connect provider (Microsoft Entra ID / Azure AD, Keycloak, Auth0, Google, Okta, …). The server stays the OAuth 2.1 authorization server toward Claude.ai (same opaque tokens, DCR and PKCE); it only federates the login step: /authorize redirects to your OIDC provider, the id_token is verified (signature via JWKS, iss/aud/exp/nonce), and the resulting identity is mapped to a configured user.
kimai-mcp-streamable \
--users-config ./config/users.json \
--public-url https://mcp.example.com \
--auth-backend oidc \
--oidc-issuer https://login.microsoftonline.com/<tenant-id>/v2.0 \
--oidc-client-id <client-id>
# Confidential clients: set KIMAI_MCP_OIDC_CLIENT_SECRET (env preferred over the CLI flag).Map each OIDC identity to a Kimai user by adding the oidc_identity field (matched case-insensitively against --oidc-identity-claim, default email):
{
"x7Kp2mQ9wL4r": {
"kimai_url": "https://kimai.example.com",
"kimai_token": "api_token_for_alice",
"oidc_identity": "alice@example.com"
}
}Register <public-url>/oauth/oidc/callback as the redirect URI at your OIDC provider. Requires the [server] extra (pip install "kimai-mcp[server]", which pulls in PyJWT[crypto]). The built-in slug login form is not exposed while the OIDC backend is active.
When mapping by email, the id_token must also assert email_verified: true, otherwise the email claim is ignored — so a provider that lets users self-assert an unverified address cannot impersonate a mapped user. For providers that do not emit email_verified but are trusted to only issue verified emails, pass --oidc-allow-unverified-email (or KIMAI_MCP_OIDC_ALLOW_UNVERIFIED_EMAIL=true).
Related MCP server: OpenProject MCP Server
Command Line Options
Options for the local server (kimai-mcp):
Option | Description |
| Kimai server URL (e.g., |
| API authentication token from your Kimai user profile |
| Deprecated — accepted but ignored (use the |
| SSL verification: |
| Interactive setup wizard for Claude Desktop configuration |
| Show help message and exit |
| Show version number and exit |
Options for the Streamable HTTP server (kimai-mcp-streamable):
Option | Environment variable | Description |
| — | Host to bind to (default: |
| — | Port to bind to (default: |
|
| Path to |
|
| Public base URL, used as OAuth issuer/resource URL (required behind a reverse proxy) |
|
| JSON file to persist registered OAuth clients across restarts |
|
| Disable the deprecated |
|
| Reverse proxy IPs whose |
|
| Maximum requests per minute per IP (default: 60, 0 to disable) |
|
| Login backend: |
|
| OIDC issuer URL (required for |
|
| OIDC client ID (required for |
|
| OIDC client secret (optional; public/PKCE-only if omitted — prefer the env var) |
|
| Requested scopes (default: |
|
| id_token claim mapped to a user's |
|
| Override the discovery URL (default: |
🛠️ Available Tools
Core Management Tools
Entity Tool (
entity) - Universal CRUD operations for projects, activities, customers, users, teams, tags, invoices, holidaysTimesheet Tool (
timesheet) - Complete timesheet management (list, create, update, delete, export, batch operations)Timer Tool (
timer) - Active timer operations (start, stop, restart, view active/recent)Rate Tool (
rate) - Rate management across all entity typesTeam Access Tool (
team_access) - Team member and permission managementAbsence Tool (
absence) - Complete absence workflow (create, approve, reject, list, attendance, batch operations, auto-split)Calendar Tool (
calendar) - Unified calendar data accessMeta Tool (
meta) - Custom field management for customers, projects, activities, timesheets, and invoices (invoice meta requires Kimai 2.56+)User Current Tool (
user_current) - Current user informationProject Analysis Tool (
analyze_project_team) - Advanced project analyticsConfig Tool (
config) - Server configuration (timesheet settings, color codes, plugins, version info)Comment Tool (
comment) - Comments on projects and customers: list, create, delete, pin (requires Kimai 2.57+)
Complete Kimai Integration
Timesheet Management - Create, update, delete, start/stop timers, view active timers
Project & Activity Management - Browse and view projects and activities
Customer Management - Browse and view customer information
User Management - List, view, create, update user accounts, and configure work contracts (preferences)
Team Management - Create teams, manage members, control access permissions
Absence Management - Create, approve, reject, and track absences
Tag Management - Create and manage tags for better organization
Invoice Queries - View invoice information and status
Comments - Manage pinned and regular comments on projects and customers (Kimai 2.57+)
Advanced Features
Real-time Timer Control - Start, stop, and monitor active time tracking
Comprehensive Filtering - Advanced filters for all data types
Permission Management - Respect Kimai's role-based permissions
Error Handling - API errors are reported with status code and validation details; 403 responses include a permission hint (Kimai 2.57/2.58 enforce API permissions more strictly)
Flexible Configuration - Multiple configuration methods (CLI args, .env files, environment variables)
Installation
Prerequisites
Python 3.10+
A Kimai instance with API access enabled
API token from your Kimai user profile
Install from PyPI (Recommended)
pip install kimai-mcpInstall from Source (Development)
# Clone the repository
git clone https://github.com/glazperle/kimai_mcp.git
cd kimai_mcp
# Install in development mode
pip install -e ".[dev]"Configuration
Getting Your Kimai API Token
Log into your Kimai instance
Go to your user profile (click your username)
Navigate to the "API" or "API Access" section
Create a new API token or copy an existing one
Note your Kimai instance URL (e.g.,
https://kimai.example.com)
Claude Desktop Integration
Step 1: Configure Claude Desktop
Add the Kimai MCP server to your Claude Desktop configuration file:
On macOS:
~/Library/Application Support/Claude/claude_desktop_config.json
On Windows:
%APPDATA%\Claude\claude_desktop_config.json
Step 2: Add Configuration
Add the following to your Claude Desktop configuration:
{
"mcpServers": {
"kimai": {
"command": "kimai-mcp",
"args": [
"--kimai-url=https://your-kimai-instance.com",
"--kimai-token=your-api-token-here"
]
}
}
}Important Notes:
Replace
https://your-kimai-instance.comwith your actual Kimai URLReplace
your-api-token-herewith your API token from KimaiThe
kimai-mcpcommand is available afterpip install kimai-mcp
Alternative: If kimai-mcp is not in your PATH, use python -m kimai_mcp.server instead:
{
"mcpServers": {
"kimai": {
"command": "python",
"args": [
"-m", "kimai_mcp.server",
"--kimai-url=https://your-kimai-instance.com",
"--kimai-token=your-api-token-here"
]
}
}
}Step 3: Restart Claude Desktop
After saving the configuration file, restart Claude Desktop for the changes to take effect.
Alternative Configuration Methods
Method 1: Using a .env File (Recommended for Development)
If you prefer using a .env file for configuration, create a .env file in your project directory:
# .env file in the kimai_mcp directory
KIMAI_URL=https://your-kimai-instance.com
KIMAI_API_TOKEN=your-api-token-here
KIMAI_SSL_VERIFY=true # or path to CA certificateThen use this Claude Desktop configuration:
{
"mcpServers": {
"kimai": {
"command": "kimai-mcp",
"cwd": "/path/to/your/kimai_mcp/directory"
}
}
}Important Notes for .env Configuration:
Replace
/path/to/your/kimai_mcp/directorywith the actual path to your kimai_mcp directoryThe
cwdparameter ensures the .env file is found in the correct directoryKeep your .env file secure and never commit it to version control
On Windows, use forward slashes in the path or escape backslashes
Example Windows Path:
{
"mcpServers": {
"kimai": {
"command": "kimai-mcp",
"cwd": "C:/Users/YourName/Projects/kimai_mcp"
}
}
}Method 2: Using Environment Variables (System-wide)
If you prefer system environment variables, you can set:
export KIMAI_URL="https://your-kimai-instance.com"
export KIMAI_API_TOKEN="your-api-token-here"Then use this Claude Desktop configuration:
{
"mcpServers": {
"kimai": {
"command": "kimai-mcp"
}
}
}Usage Examples
Timesheet Management
List Timesheets
{
"tool": "timesheet",
"parameters": {
"action": "list",
"filters": {
"project": 17,
"user_scope": "self"
}
}
}Create a Timesheet Entry
{
"tool": "timesheet",
"parameters": {
"action": "create",
"data": {
"project": 1,
"activity": 5,
"description": "Working on API integration",
"begin": "2024-08-03T09:00:00",
"end": "2024-08-03T10:30:00"
}
}
}Start a Timer
{
"tool": "timer",
"parameters": {
"action": "start",
"data": {
"project": 1,
"activity": 5,
"description": "Working on API integration"
}
}
}Stop a Timer
{
"tool": "timer",
"parameters": {
"action": "stop",
"id": 12345
}
}Project & Activity Management
List Projects
{
"tool": "entity",
"parameters": {
"type": "project",
"action": "list",
"filters": {"customer": 1}
}
}Get Project Details
{
"tool": "entity",
"parameters": {
"type": "project",
"action": "get",
"id": 17
}
}List Activities
{
"tool": "entity",
"parameters": {
"type": "activity",
"action": "list",
"filters": {"project": 17}
}
}User & Team Management
List Users
{
"tool": "entity",
"parameters": {
"type": "user",
"action": "list"
}
}Create a Team
{
"tool": "entity",
"parameters": {
"type": "team",
"action": "create",
"data": {
"name": "Development Team",
"color": "#3498db"
}
}
}Add Team Member
{
"tool": "team_access",
"parameters": {
"action": "add_member",
"team_id": 1,
"user_id": 5
}
}Absence Management
Create an Absence
{
"tool": "absence",
"parameters": {
"action": "create",
"data": {
"comment": "Vacation in the mountains",
"date": "2024-02-15",
"end": "2024-02-20",
"type": "holiday"
}
}
}List Absences
{
"tool": "absence",
"parameters": {
"action": "list",
"filters": {
"user": "5",
"status": "all"
}
}
}Check Attendance (Who is Present Today)
{
"tool": "absence",
"parameters": {
"action": "attendance",
"date": "2024-12-29"
}
}Returns a report showing present and absent employees with absence reasons.
Batch Operations
Batch operations allow executing multiple API calls in parallel for efficient bulk processing.
Batch Delete Absences
{
"tool": "absence",
"parameters": {
"action": "batch_delete",
"ids": [1, 2, 3, 4, 5]
}
}Batch Approve Absences
{
"tool": "absence",
"parameters": {
"action": "batch_approve",
"ids": [10, 11, 12, 13]
}
}Batch Delete Timesheets
{
"tool": "timesheet",
"parameters": {
"action": "batch_delete",
"ids": [100, 101, 102, 103]
}
}Batch Export Timesheets
{
"tool": "timesheet",
"parameters": {
"action": "batch_export",
"ids": [200, 201, 202]
}
}Batch Delete Entities
{
"tool": "entity",
"parameters": {
"type": "project",
"action": "batch_delete",
"ids": [5, 6, 7]
}
}Rate Management
List Customer Rates
{
"tool": "rate",
"parameters": {
"entity": "customer",
"action": "list",
"entity_id": 1
}
}Comments (Kimai 2.57+)
List Project Comments
{
"tool": "comment",
"parameters": {
"entity": "project",
"entity_id": 17,
"action": "list"
}
}Add a Pinned Customer Comment
{
"tool": "comment",
"parameters": {
"entity": "customer",
"entity_id": 5,
"action": "create",
"data": {
"message": "Billing contact changed, see email from 2026-06-01",
"pinned": true
}
}
}Current User Information
Get Current User
{
"tool": "user_current"
}Smart Features
Automatic Absence Splitting
The MCP automatically handles Kimai's limitations when creating absences:
Year-Boundary Splitting: Kimai doesn't allow absences spanning multiple years. The MCP automatically splits them.
{
"tool": "absence",
"parameters": {
"action": "create",
"data": {
"date": "2025-09-01",
"end": "2026-03-31",
"type": "parental",
"comment": "Parental leave"
}
}
}This automatically becomes two entries:
2025-09-01to2025-12-312026-01-01to2026-03-31
30-Day Limit Splitting: Kimai limits absences to 30 days maximum. Longer absences are automatically split into 30-day chunks.
{
"tool": "absence",
"parameters": {
"action": "create",
"data": {
"date": "2025-09-01",
"end": "2025-11-29",
"type": "parental",
"comment": "Parental leave (90 days)"
}
}
}This automatically becomes three 30-day entries with output:
Created 3 absence(s) for parental
Period: 2025-09-01 to 2025-11-29 (90 days)
IDs: 123, 124, 125
(Automatically split due to Kimai limitations)Troubleshooting
Common Issues
Connection Problems
Verify Kimai URL: Ensure your Kimai URL is correct and accessible
Check API Token: Verify your API token is valid and not expired
API Access: Ensure your Kimai instance has API access enabled
Network: Check if there are any firewall or network restrictions
Permission Errors
Creating timesheets for other users requires admin permissions
Managing users and teams requires appropriate role permissions
Some absence operations require manager permissions
Configuration Issues
Claude Desktop Config: Verify the JSON syntax is correct
Path Issues: Ensure Python can find the
kimai_mcpmoduleArguments: Check that command-line arguments are properly formatted
SSL Certificate Errors (Self-Hosted Instances)
If you're running a self-hosted Kimai instance with a custom CA certificate (e.g., self-signed certificates), you may encounter this error:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chainSolution 1: Use the --ssl-verify CLI option
# Point to your CA certificate file
kimai-mcp --kimai-url=https://kimai.example.com --kimai-token=your-token --ssl-verify=/path/to/ca-bundle.crt
# Or disable verification (not recommended for production)
kimai-mcp --kimai-url=https://kimai.example.com --kimai-token=your-token --ssl-verify=falseSolution 2: Use environment variables
# Using httpx's built-in SSL environment variables
SSL_CERT_DIR=/etc/ssl/certs kimai-mcp --kimai-url=... --kimai-token=...
# Or using the KIMAI_SSL_VERIFY environment variable
KIMAI_SSL_VERIFY=/path/to/ca-bundle.crt kimai-mcp --kimai-url=... --kimai-token=...Claude Desktop configuration with custom certificates:
{
"mcpServers": {
"kimai": {
"command": "kimai-mcp",
"args": [
"--kimai-url=https://kimai.example.com",
"--kimai-token=your-token",
"--ssl-verify=/path/to/ca-bundle.crt"
]
}
}
}Or using the environment variable:
{
"mcpServers": {
"kimai": {
"command": "kimai-mcp",
"args": ["--kimai-url=...", "--kimai-token=..."],
"env": {
"KIMAI_SSL_VERIFY": "/path/to/ca-bundle.crt"
}
}
}
}Debug Mode
For debugging, you can run the server directly:
# Using command line arguments
kimai-mcp --kimai-url=https://your-kimai.com --kimai-token=your-token
# Using .env file (make sure you're in the directory with the .env file)
kimai-mcp
# Alternative: using Python module execution
python -m kimai_mcp.server --kimai-url=https://your-kimai.com --kimai-token=your-tokenLogging
The server includes comprehensive logging. Check the logs for detailed error information.
Security Considerations
API Token Security: Keep your API token secure and never commit it to version control
Network Security: Use HTTPS for your Kimai instance
Permission Management: Use appropriate Kimai roles and permissions
Regular Updates: Keep the MCP server and dependencies updated
Development
Project Structure
kimai_mcp/
├── src/
│ ├── kimai_mcp/
│ │ ├── __init__.py
│ │ ├── server.py # Local MCP server (stdio)
│ │ ├── streamable_http_server.py # Streamable HTTP server with OAuth (Claude.ai)
│ │ ├── sse_server.py # SSE server (deprecated, non-functional)
│ │ ├── oauth.py # Embedded OAuth 2.1 authorization server
│ │ ├── user_config.py # users.json / env multi-user configuration
│ │ ├── security.py # Rate limiting, security headers, enumeration protection
│ │ ├── client.py # Kimai API client
│ │ ├── models.py # Data models
│ │ └── tools/ # MCP tool implementations
│ │ ├── entity_manager.py
│ │ ├── timesheet_consolidated.py # timesheet + timer tools
│ │ ├── rate_manager.py
│ │ ├── team_access_manager.py
│ │ ├── absence_manager.py
│ │ ├── calendar_meta.py # calendar, meta, user_current tools
│ │ ├── comment_tool.py # project/customer comments
│ │ ├── project_analysis.py
│ │ ├── config_info.py
│ │ ├── user_discovery.py # shared user resolution helper
│ │ ├── batch_utils.py
│ │ ├── absence_analytics.py
│ │ └── timesheet_analytics.py
├── tests/
├── README.md
├── pyproject.toml
└── .gitignoreRunning Tests
pytest tests/ -vContributing
Fork the repository
Create a feature branch
Make your changes
Add tests for new functionality
Submit a pull request
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
Licensing Information
Kimai MCP Server: MIT License (this project)
Kimai Core: AGPL-3.0 License (separate project)
Model Context Protocol: Open standard by Anthropic
This MCP server is an independent integration tool that communicates with Kimai via its public API. It is not a derivative work of Kimai itself and can be freely used under the MIT license terms.
🤝 Contributing
We welcome contributions! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.
Development Setup
Clone the repository
Install development dependencies:
pip install -e ".[dev]"Run tests:
pytest tests/ -vFollow the existing code style and add tests for new features
📞 Support
Issues: Please use the GitHub issue tracker
Documentation: Check the examples in the
examples/directoryKimai Documentation: Visit kimai.org for Kimai-specific questions
🙏 Acknowledgments
Anthropic for creating the Model Context Protocol
Kimai Team for the excellent time-tracking software and API
MCP Community for examples and best practices
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/glazperle/kimai_mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server