MCP Server

adminbolt ships a remote MCP server (Model Context Protocol), so any MCP-capable AI client (Claude, Cursor, VS Code and others) can drive your hosting panel in plain language: provision accounts, manage mailboxes and databases, suspend a late payer, or check whether the server can take fifty more sites this week.

The server is exposed at a single endpoint:

https://ai-hub.adminbolt.com/mcp

Authorization runs through your browser over OAuth: you log in to adminbolt and approve access. There are no tokens to paste, and the OAuth Client ID / Client Secret fields in client settings stay empty.

Role scoping

The same endpoint behaves differently depending on which account authorizes it. It is the same permission model that runs the rest of the panel:

Role	Surface	Scope
Admin	~43 tools	Full: hosting accounts, domains & subdomains, email, databases & DB users, FTP, SSL, hosting plans, resellers, server health & metrics
Reseller	~12 tools	Own portfolio only: hosting accounts and plans. New accounts attach to your reseller automatically; there is no reseller_id to pass

Account-level resources (mail, databases, FTP, domains, SSL) belong to the account owner's panel, so a reseller key stays within its own lane. A client-scoped guide will follow; the client REST API itself shipped in 1.0.4 (see API Reference).

Connecting Claude Desktop

Custom connectors require a paid Claude plan (Pro, Max, Team or Enterprise).

1. Open Claude → Settings (Cmd , / Ctrl ,) → Connectors.
2. In Custom Connectors click Add custom connector.
3. Fill in: Name adminbolt, Remote MCP server URLhttps://ai-hub.adminbolt.com/mcp. Leave the Advanced OAuth fields empty. Click Add.
4. Click the new connector → Connect. A browser window opens: log in to adminbolt and approve access. The status changes to Connected.
5. In a conversation, open Search and tools and make sure adminbolt is enabled.
6. Test it: "check the health of the adminbolt MCP server" or "list my hosting accounts".

Connecting Cursor

Cursor only needs the URL; OAuth runs in the browser. Add to ~/.cursor/mcp.json (global) or .cursor/mcp.json (per project):

{
  "mcpServers": {
    "adminbolt": {
      "url": "https://ai-hub.adminbolt.com/mcp"
    }
  }
}

Via UI: Cursor → Settings → Tools & MCP → New MCP Server. After saving, Cursor shows an OAuth login button; a green status means you are connected.

Connecting VS Code (Copilot Agent mode)

Requires VS Code with MCP support enabled. Note the different schema: the key is servers (not mcpServers) and a type field is required. Add to .vscode/mcp.json (project) or via command palette → MCP: Open User Configuration (global):

{
  "servers": {
    "adminbolt": {
      "type": "http",
      "url": "https://ai-hub.adminbolt.com/mcp"
    }
  }
}

Via UI: command palette → MCP: Add Server → HTTP → paste the URL → name it adminbolt. Check status with MCP: List Servers.

What the tools cover

Tool names follow the REST API one-to-one (get_hosting-accounts, post_hosting-account_email-accounts, post_reseller_hosting-accounts_suspend, ...). The full parameter reference is the API Reference.

• Accounts: list, inspect, create, update holder details, change password, suspend / unsuspend, export, delete; per-account usage details (disk, bandwidth).
• Domains & subdomains (admin): add domain / subdomain / parked domain, set PHP version and PHP-FPM per domain, change document root, delete.
• Email, databases, DB users, FTP (admin): create and delete mailboxes, databases, database users with privilege assignment, FTP accounts.
• SSL (admin): toggle automatic Let's Encrypt SSL per account.
• Plans: list, create, rename, delete (admin and reseller).
• Resellers (admin): create, update, delete.
• Health & metrics (admin): health check, service status, admin statistics, live CPU/RAM/disk, historical metrics, system info.

Example workflows

Admin

Prompt	What runs underneath
"Set up hosting for acme.com on the Business plan, add an admin@ mailbox and a database with a user."	get_hosting-plans → post_hosting-accounts → post_hosting-account_email-accounts → post_hosting-account_databases → post_hosting-account_database-users → ..._assign
"Create a database, a DB user with full privileges and an FTP account for a WordPress install on example.com."	databases → database-users (ALL privileges) → ftp-accounts
"Add blog.example.com as a subdomain on PHP 8.4 with PHP-FPM."	post_hosting-account_domains (domain_type=subdomain) → put_hosting-account_domains
"Suspend latepayer.com until they pay."	post_hosting-accounts_suspend / later ..._unsuspend
"Can the server handle 50 new accounts this week?"	read-only: get_health, get_services, get_metrics_stats, get_metrics_history, get_admin_statistics
"Which accounts are close to their disk or bandwidth limits?"	get_hosting-accounts → get_hosting-accounts_usage-details per account
"oldclient.com cancelled. Take a backup, then delete the account."	post_hosting-accounts_export (non-destructive) → delete_hosting-accounts

Reseller

Prompt	What runs underneath
"Show me all my hosting accounts."	get_reseller_hosting-accounts (auto-scoped)
"Create hosting for clientx.com on my Pro plan."	get_reseller_hosting-plans → post_reseller_hosting-accounts
"Suspend clientx.com until they pay."	post_reseller_hosting-accounts_suspend / ..._unsuspend
"Add a Business 2026 plan and retire the legacy one."	post_reseller_hosting-plans, delete_reseller_hosting-plans
"Reset the password for clientx.com and update their contact details."	post_reseller_hosting-accounts_change-password, put_reseller_hosting-accounts

Deleting plans

Deleting a plan that still has accounts on it orphans them. Migrate accounts off first.

Security guardrails

• Approve destructive actions explicitly. Treat delete_*, suspend and password resets as high-impact: have the assistant state the exact target and wait for your confirmation before running.
• Resolve IDs first. Once the assistant holds a resource ID, deletes and updates act on it directly. Always resolve via a get_*/list call and have the assistant echo back what it is about to touch.
• Secrets travel in cleartext. Passwords and FTP credentials are plain strings in tool calls. Avoid logging conversations that contain them; rotate anything that leaks.
• Start read-only. Every get_* tool is non-destructive and the right place for staff to learn the assistant's behavior before getting write access.
• Throttle bulk loops. Fleet-wide audits (e.g. usage per account) should be paced; do not assume unlimited throughput.

Related

• API Reference: the same operations over plain REST, with full parameter docs.
• Agents / AI Agent Hub: registering the panel with the hub that also powers WhatsApp and the in-panel chat.
• Client Dashboard: AI Assistant & WhatsApp pairing: the end-user side of the same capability.