Skip to main content

MCP

Boldo exposes a Model Context Protocol server so MCP-compatible assistants can query your Boldo data and documentation.

Use MCP when you want an external assistant to inspect your architecture context while keeping access scoped to a selected organization and to the user's own Boldo rights.

Read-only access

MCP access is read-only. Connected assistants can query data, but they cannot modify your Boldo knowledge base.

Access

MCP access depends on your plan, organization AI availability, and the user's AI access.

Go to OrganizationDeveloper. When MCP is available, the page shows the MCP connection card and the MCP documentation link.

Connect a client

  1. Open OrganizationDeveloper
  2. Open the MCP documentation from the MCP card
  3. Copy the MCP server URL
  4. Add it to your MCP-compatible client configuration
  5. Start the OAuth connection from your client
  6. Select the Boldo organization to authorize
  7. Approve the connection only if you initiated it yourself

The organization is selected during OAuth consent. The same MCP server URL can be used before selecting the organization.

Only organizations that the current session can access are available for authorization. If an organization requires SSO, start the OAuth flow from a session authenticated with the matching SSO provider.

What MCP can query

The MCP server exposes tools for the main read use cases:

AreaTypical use
AssetsSearch, inspect, and resolve assets
MetamodelRead asset types, properties, and relationship types
DiagramsInspect diagram content
ChartsInspect chart configuration and context
ViewsInspect saved views
Nested mapsInspect nested map structure
Process flowsInspect process flow context
DocumentationSearch Boldo documentation

The interactive MCP documentation lists the exact tools and parameters available in the current version.

Process flow tools require a plan that includes process flows. Without that plan, process flow tools are not exposed.

The exact tools also depend on the organization AI access level. With Metamodel, MCP can expose structure and documentation tools. With Data, it can also expose read tools for data the approving user is allowed to see.

Permissions

MCP acts on behalf of the user who approved the OAuth connection.

That means:

  • data access follows the user's Boldo rights
  • the selected organization scopes the connection
  • the user's AI access and the organization's AI/MCP availability are checked
  • SSO requirements, enabled sign-in methods, 2FA enforcement, and IP restrictions still apply
  • revoking a connection stops that client from using the authorization
  • an administrator can revoke organization-level connected apps

MCP authorizations are checked when the client calls Boldo. If the user loses access, the organization disables MCP or AI, or an administrator revokes the connected app, the client stops working automatically.

Boldo also rate-limits MCP requests. A client that exceeds the limit receives a temporary error and should retry after a short wait.

Manage connected apps

Users can review and revoke their own connected MCP apps from My accountSecurity.

Administrators and owners can review organization-level connected apps from OrganizationDeveloper when MCP is enabled. Editors with Developer access do not see this section.

Revoking access affects the selected organization connection. Other members and other organizations are not automatically affected.

API keys vs MCP

API keys and MCP serve different integration needs.

NeedUse
Build scripts, automations, or system integrationsAPI
Let an assistant inspect Boldo through a conversational clientMCP
Write or update Boldo data programmaticallyAPI
Give read-only contextual access to an AI agentMCP

Use an API key when the integration must write data or run controlled backend jobs. Use MCP when an assistant needs read-only context for analysis and conversation.