How do I use portkey-admin-mcp?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@portkey-admin-mcp list all users in my organization" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

de en es ja ko ru zh

portkey-admin-mcp

by s-b-e-n-s-o-n

Overview Schema Related Servers Score Discussions

TypeScript

Hybrid

The Portkey Admin MCP Server provides 151 tools for managing Portkey AI infrastructure through the Model Context Protocol (MCP), enabling comprehensive administration across the following areas:

👥 User & Access Management — Invite, list, update, and delete users; manage pending invitations; retrieve user activity statistics; control role-based permissions.

🏢 Workspace Management — Create, configure, and delete workspaces; manage workspace members and their roles (admin, manager, member).

⚙️ Gateway Configuration — Set up and manage configs with load balancing, fallback routing, simple/semantic caching, and retry policies; view version history.

🔑 API & Virtual Key Management — Create and manage Portkey API keys (org-level and workspace-scoped) and virtual keys for securely storing AI provider credentials (OpenAI, Anthropic, Azure, Google, etc.).

📝 Prompt Management — Create, version, publish, render, and execute prompt templates with variable substitution and tool/function definitions; organize into collections; manage reusable partials and labels; migrate and promote prompts across environments (dev → staging → prod).

🛡️ Governance & Safety — Create and manage guardrails for content moderation and security; set usage limits (tokens, requests, cost) on daily/weekly/monthly periods; configure rate limits.

📊 Analytics & Reporting — Query time-series analytics for cost, requests, token usage, latency, errors, cache hit rates, feedback scores, and user activity; group by user, model, or metadata.

📋 Logging & Observability — Insert custom log entries; create and manage log export jobs; retrieve detailed trace information; create and update feedback on AI generations; view audit logs for all administrative actions.

🔌 Integrations & Providers — Manage custom AI providers, third-party integrations, MCP server registrations, and workspace access configurations.

The server supports deployment via npx, Docker, or self-hosting, with HTTP/HTTPS transports, stateful/stateless modes, and bearer/Clerk authentication. It integrates with Claude Code, Cursor, Windsurf, and VS Code. Enterprise features (full analytics, log exports, audit logs) require a Portkey Enterprise plan.

Portkey Admin MCP Server

MCP server for the Portkey Admin API. Manage prompts, configs, analytics, API keys, and more from any MCP client.

Quick Start

You need a Portkey API key with appropriate scopes. Get one from your Portkey dashboard under API Keys.

Claude Code

claude mcp add -e PORTKEY_API_KEY=your_key portkey-admin -- npx -y portkey-admin-mcp

Cursor / Windsurf / VS Code

Add to your MCP config (.cursor/mcp.json, .windsurf/mcp.json, or .vscode/mcp.json):

{
  "mcpServers": {
    "portkey-admin": {
      "command": "npx",
      "args": ["-y", "portkey-admin-mcp"],
      "env": {
        "PORTKEY_API_KEY": "your_api_key"
      }
    }
  }
}

Run directly

PORTKEY_API_KEY=your_key npx -y portkey-admin-mcp

To expose only a focused subset of tools in stdio clients, set PORTKEY_TOOL_DOMAINS:

PORTKEY_API_KEY=your_key \
PORTKEY_TOOL_DOMAINS=prompts,analytics \
npx -y portkey-admin-mcp

git clone https://github.com/s-b-e-n-s-o-n/portkey-admin-mcp.git
cd portkey-admin-mcp
npm install && npm run build

Then use this config:

{
  "mcpServers": {
    "portkey-admin": {
      "command": "node",
      "args": ["/path/to/portkey-admin-mcp/build/index.js"],
      "env": {
        "PORTKEY_API_KEY": "your_api_key"
      }
    }
  }
}

What You Can Do

Category	Tools	Examples
Prompts	14	Create, version, render, execute, migrate, promote prompts
Prompt Partials	7	Reusable prompt fragments with versioning
Prompt Labels	5	Organize prompt versions (production, staging, dev)
Configs	6	Gateway routing, caching, retry, loadbalancing
API Keys	5	Create and manage scoped API keys
Virtual Keys	5	Manage provider access keys
Collections	5	Group prompts by app or project
Providers	5	Manage AI provider configurations
Integrations	10	Provider integrations, models, workspace access
MCP Integrations	10	External MCP tool integrations
MCP Servers	10	MCP server registry and capabilities
Guardrails	5	Content safety policies
Usage Limits	7	Cost and token consumption limits
Rate Limits	5	Request frequency controls
Analytics	20	Cost, latency, errors, tokens, cache, feedback
Logging	8	Log ingestion and export
Tracing	2	Feedback creation and updates on traces
Users & Workspaces	20	User management, invites, workspace members
Audit	1	Audit log access

150 tools total. See ENDPOINTS.md for the full list with descriptions.

API Key Scopes

Most tools work with a workspace-scoped service key that has Select All permissions enabled. That covers prompts, configs, virtual/API keys, providers, guardrails, workspace integrations, MCP servers, rate/usage limits, logs, prompt completions, and workspace user management.

Enterprise-gated tools (28)

The following tools require an organisation-level scope that is only available on Portkey Enterprise plans. They return 403 You do not have enough permissions to execute this request on workspace plans. Their descriptions include an Enterprise-gated. Returns 403 on non-Enterprise Portkey plans. suffix so MCP clients know upfront.

Area	Tools	Required scope
Analytics (20)	`get_cost_analytics`, `get_request_analytics`, `get_token_analytics`, `get_latency_analytics`, `get_error_analytics`, `get_error_rate_analytics`, `get_cache_hit_latency`, `get_cache_hit_rate`, `get_users_analytics`, `get_error_stacks_analytics`, `get_error_status_codes_analytics`, `get_user_requests_analytics`, `get_rescued_requests_analytics`, `get_feedback_analytics`, `get_feedback_models_analytics`, `get_feedback_scores_analytics`, `get_feedback_weighted_analytics`, `get_analytics_group_users`, `get_analytics_group_models`, `get_analytics_group_metadata`	org-level `analytics.view`
Audit	`list_audit_logs`	`audit_logs.list`
Org-level integrations	`get_integration`, `list_integration_models`, `list_integration_workspaces`	`organisation_integrations.read`
Org-level users	`list_all_users`, `get_user`, `get_user_stats`, `list_user_invites`	`organisation_users.list` / `organisation_users.read`

Other scope requirements

Feature	Required
Prompt completions (`run_prompt_completion`)	`completions.write` scope + billing metadata (`app`, `env`)
Org-level service API key creation via `create_api_key`	`organisation_service_api_keys.create` (Enterprise)

If a tool returns a 403 with Portkey error AB03, it means missing scopes — not a broken endpoint.

HTTP Server (Experimental)

Status: The HTTP transport works but hosted deployment is not fully validated for production. Use stdio (npx) for reliable operation.

The server supports Streamable HTTP for remote access:

PORTKEY_API_KEY=your_key \
MCP_HOST=127.0.0.1 \
MCP_PORT=3000 \
MCP_PUBLIC_BASE_URL=https://mcp.example.com \
MCP_AUTH_MODE=bearer \
MCP_AUTH_TOKEN=your_secret \
node build/server.js

Or via npx (the portkey-admin-mcp package includes the HTTP binary):

PORTKEY_API_KEY=your_key MCP_AUTH_MODE=bearer MCP_AUTH_TOKEN=your_secret \
  npx -y -p portkey-admin-mcp portkey-admin-mcp-http

For local-only HTTP use, leave MCP_HOST at its default 127.0.0.1. Set MCP_HOST=0.0.0.0 only when you intentionally need to accept connections from outside the local machine, such as Docker or a reverse proxy on another interface.

Configuration

Variable	Default	Description
`PORTKEY_API_KEY`	(required)	Your Portkey API key
`PORTKEY_TOOL_DOMAINS`	—	Optional comma-separated stdio/HTTP default tool subset, e.g. `prompts,analytics`
`MCP_HOST`	`127.0.0.1`	Bind address
`MCP_PORT`	`3000`	Port
`MCP_PUBLIC_BASE_URL`	—	Public absolute base URL to advertise from `/auth/info` and the status page; recommended for hosted deployments
`MCP_AUTH_MODE`	`none`	`none`, `bearer`, or `clerk` (`none` is blocked for HTTP unless explicitly overridden)
`MCP_AUTH_TOKEN`	—	Secret for bearer auth
`MCP_ALLOW_UNAUTHENTICATED_HTTP`	—	Set to `true` only for intentional local unauthenticated HTTP debugging
`MCP_SESSION_MODE`	`stateful`	`stateful` or `stateless`
`MCP_MAX_SESSIONS`	`100`	Maximum concurrent stateful MCP sessions before new initialize requests are rejected
`MCP_EVENT_STORE`	`off`	`off`, `memory`, or `redis`
`MCP_REDIS_URL`	—	Redis URL for shared event store
`MCP_TLS_KEY_PATH`	—	TLS key for native HTTPS
`MCP_TLS_CERT_PATH`	—	TLS cert for native HTTPS
`ALLOWED_ORIGINS`	—	CORS allow-list
`MCP_TRUST_PROXY`	`false`	Trust proxy headers (for reverse proxies)
`RATE_LIMIT_MAX_BUCKETS`	`10000`	Maximum distinct in-memory rate-limit buckets before new clients share an overflow bucket

Experimental Vercel support is included. See docs/VERCEL_DEPLOYMENT.md for setup instructions.

Key points:

Uses stateless mode with Redis event store
Requires Clerk or bearer auth
Leave MCP_TLS_* unset (Vercel terminates HTTPS)
Set MCP_PUBLIC_BASE_URL to your deployment URL so advertised MCP endpoints never depend on request headers
Vercel does not support WebSockets — Streamable HTTP/SSE only

docker build -t portkey-admin-mcp .
docker run \
  -e PORTKEY_API_KEY=your_key \
  -e MCP_HOST=0.0.0.0 \
  -e MCP_PORT=3000 \
  -e MCP_AUTH_MODE=bearer \
  -e MCP_AUTH_TOKEN=your_secret \
  -p 3000:3000 \
  portkey-admin-mcp

Health Endpoints

Path	Purpose
`GET /health`	Server liveness
`GET /ready`	Readiness (includes optional Portkey connectivity check)
`GET /auth/info`	Auth configuration metadata

Development

npm run dev           # stdio with hot reload
npm run dev:http      # HTTP with hot reload
npm test              # unit + contract tests
npm run test:e2e      # MCP protocol tests
npm run test:http     # HTTP endpoint smoke test
npm run ci            # full pipeline (lint + typecheck + test + build + e2e + verify)

npm run dev:http now requires MCP_AUTH_MODE=bearer or MCP_AUTH_MODE=clerk by default. For deliberate local-only unauthenticated testing, set MCP_ALLOW_UNAUTHENTICATED_HTTP=true.

MIT License · Inspired by r-huijts/portkey-admin-mcp-server

↑ Back to top

Install Server

security – no known vulnerabilities

license - permissive license

quality - not tested

How are these scores calculated?

Resources

Need Help?

Related Servers

Tools

View all tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/s-b-e-n-s-o-n/portkey-admin-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server