Dashboard Setup
This page has been cleared and is ready for updated Builder Studio documentation.
Before any MCP client can reach BuilderStudio, you need a workspace API key. The main MCP endpoint lives at /api/mcp and uses bearer authentication: every request must send a workspace key prefixed builder_ (or an approved OAuth bearer token). This page covers creating that key from the dashboard and choosing the right scopes. For the bigger picture, see the Builder MCP + CLI overview.
builder_ keys authenticate the main /api/mcp gateway only. Published user MCP servers live at /api/user-mcp/<workspaceId>/<slug> and use a separate owner-managed credential path. See Marketplace overview for that flow.Create a workspace API key
Open workspace API keys
In the BuilderStudio dashboard, go to Security → Workspace API Keys. Keys are scoped to one workspace, so create the key while you are in the workspace whose canvases and workflows you want the agent to reach.
Create the key and pick scopes
Create a new key and select the scopes the agent needs. Scopes are enforced per tool on every call, so a narrow key is the safest starting point. See API key scopes below for what each one unlocks.
Copy the raw key immediately
The raw
builder_value is shown only once at creation time. Copy it and store it in your client config or a secret manager right away. If you lose it, revoke the key and create a fresh one rather than trying to recover the original.Hand the key to your client
Use the key as a bearer token when registering BuilderStudio in Claude Code, Cursor, or Codex. The exact commands are in Client commands.
run:workflows or write:canvas can change real workspace state. Rotate keys when they leave your control, keep one key per integration, and never commit a raw builder_ value to a repository.API key scopes
The /api/mcp gateway recognizes the following scopes. Each MCP tool requires one or more of them, and a missing scope produces a clear per-tool error (see Troubleshooting).
| Scope | What it unlocks |
|---|---|
read:canvases | List canvases, inspect nodes and edges, read canvas state, and power read-only tools. |
run:workflows | Trigger workflow executions and poll, replay, redrive, or cancel runs. |
write:canvas | Create canvases and add, update, move, resize, or delete nodes and edges. |
read:assets | List workspace and execution assets and read asset metadata. |
write:assets | Reserve, finalize, place, rename, move, tag, or trash workspace assets. |
read:billing | Read the credit balance, credit transactions, and the billing summary. |
manage:integrations | Manage workspace members, invites, API keys, and provider integrations. |
delete:canvas | Permanently delete canvases. Destructive — leave off unless required. |
delete:assets | Permanently purge workspace assets. Destructive — leave off unless required. |
read:canvases plus run:workflows is the right starting point. Add write:canvas, write:assets, or manage:integrations only when the agent must change state, and keep the two delete:* scopes off unless you have a deliberate destructive workflow.Verify the endpoint
The workspace MCP server is always reachable at the same URL. Confirm you are pointing your client at the gateway, not a published-server path.
Endpoint: https://builder.studio/api/mcpTransport: Streamable HTTPAuth: Authorization: Bearer builder_YOUR_KEY_HEREWas this page helpful?