Admin and Security API
Bridge Town MCP 1.0 exposes modeling and collaboration tools through MCP. Tenant administration, security controls, key management, and provisioning are authenticated REST operations instead. This keeps destructive control-plane work out of agent tool discovery while preserving scriptable operator workflows.
All examples use curl as the command-line client:
```bash
export BRIDGE_TOWN_API="https://api.bridgetown.builders"
export BRIDGE_TOWN_TOKEN="btk_..."
```

Pass credentials in the Authorization header. Do not place API tokens, Auth0 access tokens, CMK ARNs, or private endpoint URLs in query strings.
Authorization
| Operation group | Minimum role | Plan |
|---|---|---|
| API tokens | Authenticated user for their own tokens | Any |
| Members and invites | Owner | Any |
| Tenant profile and retention settings | Owner for writes | Pro for custom retention |
| Audit log export | Owner | Enterprise |
| CMK enrollment | Owner | Enterprise |
| Per-tenant Gitea endpoint provisioning | Owner | Enterprise |
| Template governance | Project Owner | Any |
REST failures return ordinary HTTP status codes with a JSON detail field. Validation failures use 422, missing resources use 404, role failures use 403, and plan entitlement failures use 402.
Coverage Map
| Retired MCP operation | REST API replacement | Command-line example |
|---|---|---|
list_tokens | GET /api/tokens | curl -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/tokens" |
create_token | POST /api/tokens | curl -X POST -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" -H "Content-Type: application/json" -d '{"name":"ci-runner","expires_in":2592000}' "$BRIDGE_TOWN_API/api/tokens" |
revoke_token | DELETE /api/tokens/{token_id} | curl -X DELETE -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/tokens/$TOKEN_ID" |
list_users | GET /api/members and GET /api/invites | curl -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/members" |
invite_user | POST /api/invites | curl -X POST -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" -H "Content-Type: application/json" -d '{"email":"analyst@example.com","role":"viewer"}' "$BRIDGE_TOWN_API/api/invites" |
remove_user | DELETE /api/members/{user_id} | curl -X DELETE -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/members/$USER_ID" |
change_user_role | PATCH /api/members/{user_id} | curl -X PATCH -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" -H "Content-Type: application/json" -d '{"role":"editor"}' "$BRIDGE_TOWN_API/api/members/$USER_ID" |
get_tenant_settings | GET /api/tenant and GET /api/tenant/settings | curl -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/tenant/settings" |
update_tenant_settings | PATCH /api/tenant and PATCH /api/tenant/settings | curl -X PATCH -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" -H "Content-Type: application/json" -d '{"run_retention_months":18}' "$BRIDGE_TOWN_API/api/tenant/settings" |
get_cmk_status | GET /api/admin/cmk | curl -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/admin/cmk" |
enroll_cmk | POST /api/admin/cmk | curl -X POST -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" -H "Content-Type: application/json" -d '{"cmk_arn":"'"$CMK_ARN"'"}' "$BRIDGE_TOWN_API/api/admin/cmk" |
revoke_cmk | DELETE /api/admin/cmk | curl -X DELETE -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/admin/cmk" |
get_gitea_provisioning_status | GET /api/admin/gitea-endpoint | curl -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/admin/gitea-endpoint" |
enroll_gitea_endpoint | POST /api/admin/gitea-endpoint | curl -X POST -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" -H "Content-Type: application/json" -d '{"gitea_url":"'"$GITEA_BASE_URL"'"}' "$BRIDGE_TOWN_API/api/admin/gitea-endpoint" |
disable_gitea_endpoint | DELETE /api/admin/gitea-endpoint | curl -X DELETE -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/admin/gitea-endpoint" |
publish_project_template | PUT /api/projects/{project_name}/template | curl -X PUT -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" -H "Content-Type: application/json" -d '{"template_description":"Quarterly forecast starter"}' "$BRIDGE_TOWN_API/api/projects/$PROJECT_NAME/template" |
unpublish_project_template | DELETE /api/projects/{project_name}/template | curl -X DELETE -H "Authorization: Bearer $BRIDGE_TOWN_TOKEN" "$BRIDGE_TOWN_API/api/projects/$PROJECT_NAME/template" |
Behavior Notes
API token creation returns the plaintext token exactly once. Store it in a secret manager immediately.
CMK enrollment validates the key with AWS KMS before persisting it. Replacement rewraps existing encrypted OAuth credentials when possible; any source that cannot be rewrapped is marked for reauthorization instead of blocking enrollment.
CMK revocation clears tenant enrollment and marks CMK-encrypted OAuth credentials for reauthorization. It is intentionally destructive and does not currently support a dry-run mode.
Per-tenant Gitea endpoint enrollment accepts only HTTPS base URLs with no embedded credentials, query strings, or fragments. Audit logs store the host only, not the full private endpoint URL.
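The URL rule above is cheap to enforce on the operator side before the request leaves the workstation, and the same parse yields the host-only value that the audit log keeps. The following is an added illustration, not Bridge Town's own client code: it checks a candidate Gitea base URL against the four conditions stated above (HTTPS, no embedded credentials, no query string, no fragment), derives the audit host, and builds the POST /api/admin/gitea-endpoint request from the coverage map with the bearer token in the Authorization header only. The helper names, the trailing-slash normalisation, and the sample URLs are assumptions made for the example; nothing is sent over the network.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request

# Added example, not part of Bridge Town. Mirrors the enrollment rule on this page:
# HTTPS base URL, no userinfo, no query string, no fragment.


def rejection_reason(url: str):
    """Return None if the URL satisfies the enrollment rule, else the rule it breaks."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "scheme must be https"
    if parts.username is not None or parts.password is not None:
        return "embedded credentials are not allowed"
    if parts.query:
        return "query strings are not allowed"
    if parts.fragment:
        return "fragments are not allowed"
    if not parts.hostname:
        return "host is required"
    return None


def validate_gitea_url(url: str) -> str:
    """Return the base URL with any trailing slash removed, or raise ValueError."""
    reason = rejection_reason(url)
    if reason is not None:
        raise ValueError(f"gitea_url rejected: {reason}")
    return url.strip().rstrip("/")


def audit_host(url: str) -> str:
    """The host-only value the page says audit logs record (port and path dropped)."""
    return urlsplit(validate_gitea_url(url)).hostname


def build_enroll_request(api_base: str, token: str, gitea_url: str) -> Request:
    """Build, but do not send, the enroll_gitea_endpoint call from the coverage map.

    The bearer token travels in the Authorization header; the URL carries no query
    string, so the token cannot leak into access logs via the request line.
    """
    body = json.dumps({"gitea_url": validate_gitea_url(gitea_url)}).encode()
    req = Request(
        f"{api_base.rstrip('/')}/api/admin/gitea-endpoint",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )
    if token in req.full_url:  # defensive: never let a credential into the URL
        raise ValueError("token must not appear in the request URL")
    return req


if __name__ == "__main__":
    # Constructed sample inputs (hypothetical hosts and a placeholder token).
    candidates = [
        "https://gitea.internal.example:3000/",
        "http://gitea.internal.example/",
        "https://deploy:s3cret@gitea.internal.example/",
        "https://gitea.internal.example/?token=abc",
        "https://gitea.internal.example/#main",
    ]
    for url in candidates:
        reason = rejection_reason(url)
        print(f"{url:50} -> {'ok' if reason is None else reason}")
    req = build_enroll_request("https://api.bridgetown.builders", "btk_example", candidates[0])
    print(req.get_method(), req.full_url, "audit host:", audit_host(candidates[0]))
```

The check is deliberately a pre-flight on the client: the server still enforces the rule, but failing locally avoids writing a rejected attempt into the audit trail and keeps a mistyped URL with credentials off the wire.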
Audit log export remains fail-closed: if the audit evidence row cannot be written, the CSV export is denied.
Template publishing and unpublishing are project-owner operations on the REST API. PUT /api/projects/{project_name}/template is idempotent for the same description, writes an audit event, and updates the backing Gitea template flag. DELETE /api/projects/{project_name}/template removes template status without affecting projects already created from the template.
MCP Boundary
These operations are not discoverable through MCP Tool Search, do not appear in generated MCP tool pages, and are not listed in the MCP registry submission. Agents can still guide an owner to use the REST API or dashboard, but should not attempt these operations through MCP tools.