Loading

Authenticate MCP clients with API keys

The Elastic Agent Builder MCP server supports API key authentication for MCP clients. For example, you can let a scheduled script or automated service query your data through Elastic Agent Builder tools without a person signing in.

Tip

In Serverless projects, MCP clients can also authenticate using OAuth 2.1 through an application connection. To compare authentication options, refer to MCP server authentication.

Before configuring your MCP client, create an API key with Kibana application privileges for Elastic Agent Builder. You can use the following key types:

Tools execute with the scope assigned to the API key. Restrict your key to only the indices and data you want to expose through the MCP server. Refer to Best practices for additional recommendations.

The following example creates an Elasticsearch API key or Serverless project API key with Kibana application privileges for Elastic Agent Builder.

POST /_security/api_key
{
  "name": "my-mcp-api-key",
  "expiration": "30d",
  "role_descriptors": {
    "mcp-access": {
      "cluster": ["monitor_inference"],
      "indices": [
        {
          "names": ["*"],
          "privileges": ["read", "view_index_metadata"]
        }
      ],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": ["feature_agentBuilder.read", "feature_actions.read"],
          "resources": ["space:default"]
        }
      ]
    }
  }
}
		
  1. Required to use Elasticsearch inference endpoints. You can also use "cluster": ["all"] for broader access during development.
  2. Must be exactly kibana-.kibana. This is how Kibana registers its application privileges with Elasticsearch. Without the feature_agentBuilder.read privilege, you'll receive a 403 Forbidden error.
Note

Without the feature_agentBuilder.read application privilege, you'll receive a 403 Forbidden error when attempting to connect to the MCP endpoint.

Configure a client connection in MCP hosts such as Claude Desktop, Cursor, or VS Code by adding your Kibana URL and API key, typically in the following format:

{
  "mcpServers": {
    "elastic-agent-builder": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "${KIBANA_URL}/api/agent_builder/mcp",
        "--header",
        "Authorization:${AUTH_HEADER}"
      ],
      "env": {
        "KIBANA_URL": "${KIBANA_URL}",
        "AUTH_HEADER": "ApiKey ${API_KEY}"
      }
    }
  }
}
		
  1. Refer to Authenticate MCP clients with API keys > Step 1: Create an API key
Note

Set the following environment variables:

export KIBANA_URL="your-kibana-url"
export API_KEY="your-api-key"
		

Always set an expiration date on API keys for security. Use shorter durations (1-7 days) for development and longer durations (30-90 days) for production, rotating keys regularly.

For production environments, restrict API keys to only the indices your tools need to access. This follows the principle of least privilege and prevents agents from querying sensitive data.

POST /_security/api_key
{
  "name": "my-mcp-api-key",
  "expiration": "30d",
  "role_descriptors": {
    "mcp-access": {
      "cluster": ["monitor_inference"],
      "indices": [
        {
          "names": ["logs-*", "metrics-*"],
          "privileges": ["read", "view_index_metadata"]
        }
      ],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": ["feature_agentBuilder.read", "feature_actions.read"],
          "resources": ["space:default"]
        }
      ]
    }
  }
}
		
  1. Required to use Elasticsearch inference endpoints. You can also use "cluster": ["all"] for broader access during development.
  2. Restrict index access to only the indices your tools need to query. Adjust the index patterns based on your security requirements.
  3. Read-only privileges prevent the agent from modifying data.
  4. Must be exactly kibana-.kibana - this is how Kibana registers its application privileges with Elasticsearch.