Rate limits
Three layers, each a sliding window:Per-key limits
Set by license tier:
When a limit is exceeded, the API returns:
Retry-After indication. A well-behaved agent won’t trip these in normal use.
AI course-generation limits (separate, stricter)
Every AI-powered tool shares a single tighter quota on top of the standard per-tier limit:create_course_from_promptcreate_course_from_filesrefine_courseregenerate_questionregenerate_lesson
When either limit fires:
per-key (your own quota) versus per-tenant (the workspace-wide quota). The MCP server retries with backoff like any other 429.
Per-IP limits on failed auth
10 failed authentication attempts per minute per source IP. Designed to make brute-force enumeration noisy (you can detect it in logs) and to throttle bad actors without affecting legitimate use.Key hygiene
Treat keys like passwords
MCP keys are bearer tokens. Anyone holding the key can act as the issuing user within the bounds of that user’s permissions and license tier. Same exposure model as a GitHub PAT, AWS access key, or Stripe API key. Specifically:- Don’t commit keys to git
- Don’t paste keys into Slack / Discord / email
- Don’t share keys between team members (each person should issue their own)
- Don’t reuse a key across multiple machines if you can avoid it (one per device makes revocation more surgical)
Storage on customer devices
The key lives in plaintext in your AI tool’s config file:- Claude Desktop (macOS):
~/Library/Application Support/Claude/claude_desktop_config.json - Claude Desktop (Windows):
%APPDATA%\Claude\claude_desktop_config.json - Cursor:
~/.cursor/mcp.json
Revoke on device loss
If a device with a stored key is lost / stolen / sold / handed to another person:- Go to Settings → MCP Keys in Konstantly
- Find the key for that device (use the name you gave it — “My laptop”, “Production agent”)
- Click the trash icon → confirm
Rotation
Keys don’t expire automatically. Best practice:- Calendar reminder to rotate every 90 days
- After each org change (someone leaves, role changes)
- Whenever you suspect compromise
Audit log
Every MCP write-tool call writes two events to your tenant’s audit log:- The action event — same as a UI-driven action (e.g.,
COURSE_ASSIGN,USER_BAN) MCP_TOOL_CALLevent — explicitly tags the call as MCP-driven, with the tool name and redacted args in thedatacolumn
- “What happened?” — filter audit log normally; results include both UI and MCP-driven actions, indistinguishable from each other (which is correct — they’re the same logical action).
- “What did MCP do?” — filter on
eventType=88(MCP_TOOL_CALL) for a fleet-wide view of agent-driven activity per quarter, per user, per tool.
Telemetry you get for free
Each MCP call generates:- An AI Usage dashboard entry — tool name, key, duration, success/failure. Visible in the existing AI Usage view alongside other AI-driven activity.
- An internal analytics event — fleet-wide tool-selection rates, success/failure ratios, per-tier usage.
Threat model
What the security posture defends against:Defended
Acknowledged risks (mitigation = ops + customer hygiene)
Operational checklist before public-facing use
If you’re rolling MCP out to a team or customer base:- Audit your existing MCP keys — are any held by users who’ve left? Revoke them.
- Document key-naming convention — “alex-laptop”, “prod-slack-bot” makes revoke decisions obvious. “key1” doesn’t.
- Set a rotation calendar — 90 days is reasonable for human-held keys; CI bots can rotate weekly via automated re-issue.
- Surface MCP activity to your security team — the AI Usage dashboard shows all agent activity in near-real-time.
- Wire audit log to your SIEM — events 86 (
MCP_KEY_CREATE), 87 (MCP_KEY_REVOKE), 88 (MCP_TOOL_CALL) are the MCP-relevant ones. - Train your admins to revoke keys before offboarding (same workflow as disabling SSO accounts).
AI Policy
How Konstantly handles AI processing — including which third-party providers receive customer data, how the MCP integration creates a sub-processing relationship with whichever AI agent you install (Claude, Cursor, etc.), and what we contractually disallow (e.g. training providers’ models on customer data) — is documented in our published AI Policy. Required reading for enterprise procurement reviews and EU AI Act compliance.Next steps
Authentication
Key format, scopes, license-tier interactions
Permissions
Role-by-role tool matrix
Tools Reference
All 25 tools
Quickstart
Try it in 5 minutes