Create a token
In the console, go to Settings → MCP (admin only) and choose New token. Give it a name, pick a role, and optionally an expiry. The token is shown once, right after you create it — copy it then. If you lose it, revoke it and make a new one. Tokens are scoped to a single organization and can be revoked at any time from the same page.Connect your agent
The endpoint ishttps://<your-slipway-host>/mcp. For Claude Code:
Authorization: Bearer YOUR_TOKEN header.
Roles
A token’s role caps what its agent can do. Each tool requires at least the role shown.| Role | Can do |
|---|---|
| viewer | Read environments, deployments, logs, events, repos, specs, and usage. |
| developer | Everything a viewer can, plus bring up instances, deploy/redeploy, cancel, tear down, and run commands in a container. |
| admin | Everything, plus writing variables and secrets. |
viewer.
What an agent can do
The tools group into four areas:- Capacity —
get_usage(plan + environments / concurrent deployments / seats / storage, each used vs. cap) andcheck_capacity(can I start another environment right now?). Agents should check these before bringing things up so they don’t hit your concurrency cap. - Read — list and inspect environments, deployments, logs, and repositories; read a repo’s resolved spec.
- Lifecycle — bring up a fresh instance from a branch, wait for it to go healthy, redeploy, cancel, and tear down.
- Exec — run a command in a running service and capture its output (for example, run your tests).
- Config — set variables and secrets.
Security
- Tokens are stored hashed; the plaintext only exists at create time.
- Every tool is scoped to the token’s organization — an agent can never reach another org’s data.
- The
execand secret-writing tools are powerful (arbitrary commands in your pods; secret values). Keep tokens to the minimum role, prefer short expiries for shared machines, and revoke anything you’re unsure about.