Connect MCP and API integrations safely
Create tenant-owned access for approved integrations, assistants, automations, reports, and usage exports without exposing platform credentials.
Purpose
Create tenant-owned access for approved integrations and assistants with clear permissions and limits, and revoke it cleanly when it is no longer needed.
Who this is for
Admins and developers connecting approved assistants, integrations, and automations.
Prerequisites
- An admin or developer role on the workspace.
- Agreement on which integration or assistant needs access and why.
- A plan that includes the access mode you need.
Steps
- Open the API and integrations area in Tenant Admin.
- Choose an access mode that matches the integration's needs.
- Pick the smallest set of permissions the integration requires.
- Create the key and copy it once into your integration's secure settings.
- Confirm the integration connects and appears in usage history.
- Revoke any key that is unused or belongs to a retired integration.
Expected result
The integration connects with a workspace-owned key, uses only the permissions you chose, appears in usage history, and can be revoked at any time.
Verification
- The new key appears in the keys list with its access mode.
- The integration's first requests show in usage history.
- Revoking a key immediately stops its access.
If something goes wrong
- An integration cannot connect
- Confirm the access mode and permissions match what the integration needs, then try again.
- You lost the key value
- You cannot view a key again after creation; revoke it and create a replacement.
- Requests are being limited
- Review your plan's request limits and reduce request volume or upgrade.
Permissions
Creating and revoking access needs an admin or developer role; the access you grant is always workspace-owned and separate from platform administration.
Related articles
Support
If an approved integration still cannot connect, ask your workspace admin first. LumenReach support can help with connection requirements without exposing platform credentials.