MCP Access Tokens

MCP Access Tokens (PATs) let you authenticate against the AgentArea MCP proxy from any MCP client — Cursor, Claude Desktop, or your own tooling — without exposing your primary credentials.

Overview

AgentArea’s MCP proxy sits in front of every managed MCP server instance in your workspace. To connect an external client, you need a Personal Access Token (PAT) — a long-lived, revocable credential scoped to your workspace.

Workspace-Scoped

A single token grants access to every MCP instance in your workspace

Hash-Only Storage

Raw tokens are shown once at creation. Only a SHA-256 hash is ever persisted

Instant Revocation

Revoke a token immediately from the API or dashboard — no propagation delay

Token Format

Every PAT follows a predictable, identifiable structure:
aat_AbCdEfGhIjKlMnOpQrStUvWxYz012345678901234

| Part | Value | Description |
|---|---|---|
| Prefix | aat_ | AgentArea Token — identifies the token type at a glance |
| Body | 43 characters | 32 random bytes encoded as unpadded URL-safe base64 |
| Total length | 47 characters | Fixed length, suitable for validation |

The first 12 characters of the token (aat_ plus the first 8 characters of the body, e.g. aat_AbCdEfGh) are stored as token_prefix and displayed in the dashboard so you can identify tokens without storing the raw value.
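As an added illustration of the format above (this is example code written for this page, not AgentArea's implementation), the snippet below mints a token with the documented structure, runs the structural check a proxy can apply before any storage lookup, and builds the record that would be persisted: the 12-character display prefix and the SHA-256 hex digest, never the raw token. The function names and the record layout are assumptions for the example.

```python
import base64
import hashlib
import secrets

TOKEN_PREFIX = "aat_"
BODY_LEN = 43                             # 32 bytes -> 43 unpadded URL-safe base64 chars
TOKEN_LEN = len(TOKEN_PREFIX) + BODY_LEN  # 47
DISPLAY_PREFIX_LEN = 12                   # "aat_" + first 8 body chars, e.g. aat_AbCdEfGh
_B64URL_ALPHABET = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
)


def mint_token() -> str:
    """Generate a raw PAT: aat_ followed by 32 random bytes as unpadded URL-safe base64."""
    body = base64.urlsafe_b64encode(secrets.token_bytes(32)).decode("ascii").rstrip("=")
    return TOKEN_PREFIX + body


def is_well_formed(token: str) -> bool:
    """Cheap structural check: fixed length, aat_ prefix, base64url body (assumed helper)."""
    if len(token) != TOKEN_LEN or not token.startswith(TOKEN_PREFIX):
        return False
    return all(ch in _B64URL_ALPHABET for ch in token[len(TOKEN_PREFIX):])


def token_hash(token: str) -> str:
    """SHA-256 hex digest; this, not the token itself, is what gets persisted."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def token_record(name: str, token: str) -> dict:
    """Build the persisted record: name, display prefix and hash. The raw token is absent."""
    return {
        "name": name,
        "token_prefix": token[:DISPLAY_PREFIX_LEN],
        "token_hash": token_hash(token),
    }


if __name__ == "__main__":
    raw = mint_token()
    print("raw token (shown once):", raw)
    print("persisted record:", token_record("cursor-dev-machine", raw))
```

Because the stored record holds only the digest, a copy of the database does not yield usable tokens; the prefix is enough for an operator to match a dashboard entry to the credential sitting in a client's config file.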

Lifecycle


API Reference

Base path: /v1/mcp-access-tokens
POST /v1/mcp-access-tokens
Content-Type: application/json
Authorization: Bearer <session-token>

{
  "name": "cursor-dev-machine",
  "expires_in_days": 90
}
Response — the raw token is returned exactly once:
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "cursor-dev-machine",
  "token": "aat_AbCdEfGhIjKlMnOpQrStUvWxYz012345678901234",
  "token_prefix": "aat_AbCdEfGh",
  "is_active": true,
  "expires_at": "2026-06-09T00:00:00Z",
  "access_count": 0,
  "last_accessed_at": null,
  "created_at": "2026-03-09T12:00:00Z"
}
Copy the token value immediately. It will never be shown again. If lost, revoke the token and create a new one.

Using Tokens with MCP Clients

Add the following to your Cursor MCP configuration (~/.cursor/mcp.json or the project-level .cursor/mcp.json):
{
  "mcpServers": {
    "my-agentarea-tool": {
      "url": "https://<your-domain>/mcp/<instance-id>/sse",
      "headers": {
        "Authorization": "Bearer aat_AbCdEfGhIjKlMnOpQrStUvWxYz012345678901234"
      }
    }
  }
}
Use a project-level config file so each project can reference a different MCP instance while sharing a single workspace token.

Creating Your First Token

1. Open the MCP Servers dashboard

Navigate to MCP Servers in the AgentArea dashboard and select the instance you want to connect to.

2. Go to Access Tokens

Click the Access Tokens tab on the instance detail page, then click New Token.

3. Name and configure the token

Give the token a descriptive name that identifies the client or machine it will be used on (e.g. cursor-laptop, ci-pipeline). Set an expiry appropriate for the use case.

Name:        cursor-laptop
Expires in:  90 days

4. Copy the raw token

The dashboard displays the full token value exactly once. Copy it now and store it in a password manager or secrets vault.
If you navigate away without copying the token, you must revoke it and create a new one. The raw token cannot be recovered.

5. Configure your MCP client

Paste the token into your client’s configuration as shown in the Using Tokens section above.

Token Fields Reference

| Field | Type | Description |
|---|---|---|
| id | UUID | Unique identifier for the token record |
| name | string | Human-readable label you provide at creation |
| token_prefix | string | First 12 characters (e.g. aat_AbCdEfGh) for visual identification |
| token_hash | string | SHA-256 hex digest of the raw token — never exposed via API |
| is_active | boolean | false immediately after revocation |
| expires_at | datetime (nullable) | UTC expiry; null means no expiry |
| access_count | integer | Total number of validated requests |
| last_accessed_at | datetime (nullable) | Timestamp of the most recent validated request |

Security Best Practices

One token per client

Issue a separate token for each machine or integration. This lets you revoke access for a specific client without affecting others.

Set expiry dates

Prefer short-lived tokens (30-90 days) over non-expiring ones. Rotate tokens regularly, especially after team member changes.

Store in secrets managers

Never commit tokens to source control. Use environment variables, a password manager, or a secrets manager (Infisical, AWS Secrets Manager, HashiCorp Vault).

Monitor access counts

A sudden jump in access_count, or a last_accessed_at timestamp at a time when the client should have been idle, may indicate a compromised token. Revoke it immediately if anything looks suspicious.

Revoke unused tokens

Periodically audit your token list and revoke any tokens that are no longer in active use or belong to departed team members.

Use descriptive names

Use names like cursor-alice-laptop or ci-github-actions so you can identify the token’s origin at a glance when auditing.
A PAT grants access to all MCP instances in its workspace. Treat it with the same care as a root API key. If a token is compromised, revoke it immediately via DELETE /v1/mcp-access-tokens/{id} — revocation takes effect instantly.
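The "set expiry dates", "monitor access counts" and "revoke unused tokens" practices above reduce to a periodic pass over the token list. The script below is an added example written for this page, not an AgentArea tool: it runs over constructed sample records shaped like the token fields documented above (list responses carry token_prefix, never the raw token) and flags active tokens that have no expiry, have expired without being revoked, have not been used for a configurable number of days, or were created long ago and never used. The record ids, names and dates are constructed; the finding labels and the 30-day default are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real data), shaped like the documented token fields.
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)
SAMPLE_TOKENS = [
    {"id": "t-1", "name": "cursor-alice-laptop", "token_prefix": "aat_AbCdEfGh",
     "is_active": True, "expires_at": "2026-06-09T00:00:00Z", "access_count": 1204,
     "last_accessed_at": "2026-05-31T18:02:11Z", "created_at": "2026-03-09T12:00:00Z"},
    {"id": "t-2", "name": "ci-github-actions", "token_prefix": "aat_Zy9xWv8u",
     "is_active": True, "expires_at": None, "access_count": 50,
     "last_accessed_at": "2026-03-01T08:00:00Z", "created_at": "2026-01-15T09:30:00Z"},
    {"id": "t-3", "name": "bob-old-desktop", "token_prefix": "aat_Qw3rTy7u",
     "is_active": True, "expires_at": "2026-04-01T00:00:00Z", "access_count": 12,
     "last_accessed_at": "2026-03-15T10:00:00Z", "created_at": "2026-01-01T00:00:00Z"},
    {"id": "t-4", "name": "test", "token_prefix": "aat_Mn4bVc5x",
     "is_active": True, "expires_at": "2026-09-01T00:00:00Z", "access_count": 0,
     "last_accessed_at": None, "created_at": "2026-02-01T00:00:00Z"},
    {"id": "t-5", "name": "carol-revoked", "token_prefix": "aat_Lk6jHg2f",
     "is_active": False, "expires_at": None, "access_count": 3,
     "last_accessed_at": "2026-01-20T00:00:00Z", "created_at": "2026-01-10T00:00:00Z"},
]


def parse_ts(value):
    """Parse the API's ISO-8601 UTC timestamps; None stays None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_tokens(tokens, now, stale_days=30):
    """Return {token_id: [finding, ...]} for active tokens that deserve attention.

    Findings, in the order they are checked (labels are assumed for this example):
      no-expiry          expires_at is null
      expired-but-active expires_at is in the past but the token was never revoked
      stale              last validated request is older than stale_days
      never-used         never validated, yet created more than stale_days ago
    """
    stale_after = timedelta(days=stale_days)
    findings = {}
    for t in tokens:
        if not t["is_active"]:
            continue  # already revoked; nothing left to do
        issues = []
        expires_at = parse_ts(t["expires_at"])
        last_used = parse_ts(t["last_accessed_at"])
        created = parse_ts(t["created_at"])
        if expires_at is None:
            issues.append("no-expiry")
        elif expires_at <= now:
            issues.append("expired-but-active")
        if last_used is not None and now - last_used > stale_after:
            issues.append("stale")
        if last_used is None and now - created > stale_after:
            issues.append("never-used")
        if issues:
            findings[t["id"]] = issues
    return findings


if __name__ == "__main__":
    for token_id, issues in audit_tokens(SAMPLE_TOKENS, NOW).items():
        name = next(t["name"] for t in SAMPLE_TOKENS if t["id"] == token_id)
        print(f"{token_id} ({name}): {', '.join(issues)}")
```

Each flagged id maps directly onto the revocation endpoint documented above (DELETE /v1/mcp-access-tokens/{id}), so the output of this pass can drive a review rather than an automatic revoke; the "expired-but-active" case is worth surfacing even though the proxy already rejects such tokens, because it means nobody cleaned up.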

Validation Logic

When the MCP proxy receives a request, it validates the Bearer token through the following checks, in order:

  1. Format check — the token must start with aat_
  2. Hash lookup — the SHA-256 of the token is computed and matched against stored hashes
  3. Active check — is_active must be true
  4. Expiry check — expires_at must be null or in the future
  5. Access recording — access_count is incremented and last_accessed_at is updated

Any failed check returns 401 Unauthorized. The raw token is never logged.
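The five checks above, as an added worked example written for this page (not the proxy's real code): an in-memory store that persists only SHA-256 digests, a check() that runs the steps in the documented order and returns either "ok" or the name of the first failing step, and an authorize() that collapses every failure to the 401 a client sees. The walkthrough() function exercises each branch against a token minted with a 90-day expiry. Class and function names, the failure labels and the in-memory dict are assumptions; the returned labels are for server-side use and never contain the raw token.

```python
import hashlib
import secrets
import uuid
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

TOKEN_PREFIX = "aat_"


@dataclass
class TokenRecord:
    """Persisted state: hash plus metadata, mirroring the documented fields. No raw token."""
    id: str
    name: str
    token_hash: str
    is_active: bool = True
    expires_at: Optional[datetime] = None
    access_count: int = 0
    last_accessed_at: Optional[datetime] = None


def sha256_hex(token: str) -> str:
    return hashlib.sha256(token.encode("ascii")).hexdigest()


class TokenStore:
    """Assumed in-memory stand-in for the proxy's token table, keyed by hash."""

    def __init__(self) -> None:
        self._by_hash: dict[str, TokenRecord] = {}

    def create(self, name: str, expires_in_days: Optional[int] = None, now=None):
        now = now or datetime.now(timezone.utc)
        raw = TOKEN_PREFIX + secrets.token_urlsafe(32)  # 43-char body -> 47 chars total
        rec = TokenRecord(
            id=str(uuid.uuid4()), name=name, token_hash=sha256_hex(raw),
            expires_at=now + timedelta(days=expires_in_days) if expires_in_days else None,
        )
        self._by_hash[rec.token_hash] = rec
        return raw, rec  # raw is handed back exactly once and not kept

    def revoke(self, token_id: str) -> bool:
        for rec in self._by_hash.values():
            if rec.id == token_id:
                rec.is_active = False  # takes effect on the very next check()
                return True
        return False

    def check(self, authorization: str, now: datetime) -> str:
        """Run the documented checks in order; return 'ok' or the failing step's label."""
        scheme, _, token = authorization.partition(" ")
        if scheme != "Bearer" or not token or not token.startswith(TOKEN_PREFIX):
            return "format"          # 1. Format check
        rec = self._by_hash.get(sha256_hex(token))
        if rec is None:
            return "hash-lookup"     # 2. Hash lookup
        if not rec.is_active:
            return "active"          # 3. Active check
        if rec.expires_at is not None and rec.expires_at <= now:
            return "expiry"          # 4. Expiry check (null expiry never expires)
        rec.access_count += 1        # 5. Access recording, only after all checks pass
        rec.last_accessed_at = now
        return "ok"

    def authorize(self, authorization: str, now: datetime) -> int:
        """What the client sees: 200 on success, 401 for any failed check."""
        return 200 if self.check(authorization, now) == "ok" else 401


def walkthrough() -> dict:
    """Exercise every branch once with constructed inputs; returns {stage: result}."""
    store = TokenStore()
    now = datetime(2026, 3, 9, 12, 0, tzinfo=timezone.utc)
    raw, rec = store.create("cursor-dev-machine", expires_in_days=90, now=now)
    results = {
        "raw_len": len(raw),
        "valid": store.check("Bearer " + raw, now),
        "access_count_after_valid": rec.access_count,
        "wrong_prefix": store.check("Bearer sk_" + raw[4:], now),
        "not_bearer": store.check("Basic " + raw, now),
        "unknown": store.check("Bearer aat_" + "A" * 43, now),
        "expired": store.check("Bearer " + raw, now + timedelta(days=90)),
    }
    store.revoke(rec.id)
    results["revoked"] = store.check("Bearer " + raw, now)
    results["revoked_status"] = store.authorize("Bearer " + raw, now)
    results["access_count_final"] = rec.access_count  # failures do not bump the counter
    return results


if __name__ == "__main__":
    for stage, outcome in walkthrough().items():
        print(f"{stage:26} {outcome}")
```

Two details matter for detection and hygiene: access_count and last_accessed_at move only on the success path, so a burst of 401s from a revoked token is invisible in those fields and has to be picked up from proxy logs instead; and the lookup is by digest, so neither the store nor the failure labels ever carry the raw token, which is what lets the proxy honour "the raw token is never logged".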