MCP Documentation

MCP authentication

Keepit MCP uses token-based authentication with Keepit API credentials. The server supports role-based access control (RBAC) at both the user and connector level, giving you granular control over who can access what. 

To get started, create a secondary token in the PMC Web App (User Info > Security > Secondary Tokens) with read-only permissions. This is the only authentication method built into Partner MCP. 

For organizations that require additional authentication layers such as gateway authentication, SSO, or identity provider integration, these can be implemented on top of Keepit MCP within your hosting infrastructure. See the Enterprise Deployment Guide for suggested patterns using Azure API Management, Entra ID, and role-based gateway policies. 

Deployment options 

Choose a deployment pattern based on your team size and infrastructure requirements.

| Pattern | Best For | Description |
|---|---|---|
| Standalone | 1–5 users, testing, POC | Run directly on individual workstations. Simple setup, no infrastructure required. |
| Centralized Server | 5–20 users | Deploy on a shared internal Linux server as a systemd service. |
| Docker + Load Balancer | Teams needing HA | Docker Compose with Nginx for high availability without Kubernetes. |
| Kubernetes | Large enterprise | Full K8s deployment with auto-scaling, secrets management, and ingress. |
| Air-Gapped | Regulated industries | Use with local LLMs (e.g., via AnythingLLM or Jan) for complete isolation. |

Detailed configuration examples for each pattern, including systemd service files, Docker Compose manifests, Kubernetes YAML, and Azure Key Vault integration, are available in the Enterprise Deployment Guide. 

 

Current limitations 

  • Read-only operations only. No write, restore, delete, or configuration changes through MCP. 
  • Each MCP tool requires individual user consent in the AI client. 
  • The MCP server does not have access to the local filesystem or machine. 
  • No data persistence between sessions (stateless operation). 
  • Rate limits are inherited from the Keepit API. 
  • Always review AI-interpreted commands before acting on their results, as the LLM may occasionally misinterpret requests.

 

Resources