Back to Browse
Free
Server data from the Official MCP Registry
MCP server for IT Glue — organizations, configurations, passwords, flexible assets, and documents.
About
MCP server for IT Glue — organizations, configurations, passwords, flexible assets, and documents.
Security Report
4.8
Use Caution4.8High RiskThe IT Glue MCP server is well-structured with proper authentication mechanisms and appropriate permission scoping. Auth is correctly delegated to environment variables and HTTP headers with good support for both API key and JWT modes. The code demonstrates strong security practices around credential handling and input validation. Minor code quality observations exist but do not indicate security vulnerabilities. Supply chain analysis found 4 known vulnerabilities in dependencies (2 critical, 1 high severity).
3 files analyzed · 8 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
What You'll Need
Set these up before or after installing:
IT Glue API key (format: ITG.xxx)Required
Environment variable: ITGLUE_API_KEY
IT Glue API region: 'us', 'eu', or 'au'
Environment variable: ITGLUE_REGION
Override IT Glue API base URL — auto-derived from region if omitted
Environment variable: ITGLUE_BASE_URL
Transport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.
Environment variable: MCP_TRANSPORT
Credential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.
Environment variable: AUTH_MODE
Log verbosity: debug, info, warn, error
Environment variable: LOG_LEVEL
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-wyre-technology-itglue-mcp": {
"env": {
"AUTH_MODE": "your-auth-mode-here",
"LOG_LEVEL": "your-log-level-here",
"ITGLUE_REGION": "your-itglue-region-here",
"MCP_TRANSPORT": "your-mcp-transport-here",
"ITGLUE_API_KEY": "your-itglue-api-key-here",
"ITGLUE_BASE_URL": "your-itglue-base-url-here"
},
"args": [
"-y",
"@wyre-technology/itglue-mcp"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
IT Glue MCP Server
A Model Context Protocol (MCP) server that provides Claude with access to IT Glue documentation and asset management.
One-Click Deployment
[!NOTE] Unlike the other Wyre MCP servers, this one talks to the IT Glue API directly and has no private
@wyre-technology/*runtime dependency, so the one-click build does not need a GitHub Packages token — the cloud builder'snpm cionly pulls public packages. (Aread:packagestoken is only needed to install the published@wyre-technology/itglue-mcppackage itself; see Installation.) The DigitalOcean target builds the full Docker image and runs the complete MCP server over HTTP and is the recommended path; this repo does not ship a Workers entrypoint (src/worker.ts), so prefer DigitalOcean or the prebuilt container image (ghcr.io/wyre-technology/itglue-mcp).
Installation
This package is published to the GitHub Packages npm registry, which requires a token even for public packages. Authenticate npm once, then install:
# Authenticate npm to GitHub Packages (token needs the read:packages scope)
export NODE_AUTH_TOKEN=$(gh auth token) # or a PAT with read:packages
npm install @wyre-technology/itglue-mcp
The repo's .npmrc already points the @wyre-technology scope at GitHub Packages and
reads the token from NODE_AUTH_TOKEN, so no further config is needed. The same applies
to npx @wyre-technology/itglue-mcp.
Or use the Docker image:
docker pull ghcr.io/wyre-technology/itglue-mcp:latest
Configuration
The server accepts credentials via environment variables:
| Variable | Description | Required |
|---|---|---|
ITGLUE_API_KEY | Your IT Glue API key (format: ITG.xxx) | Yes (env mode) |
ITGLUE_JWT | A user-session JWT for elevated-scope operations such as listing document folders. See JWT for document-folder operations. | No |
ITGLUE_REGION | API region: us, eu, or au (default: us) | No |
ITGLUE_BASE_URL | Override the IT Glue API base URL (advanced) | No |
MCP_TRANSPORT | Transport: stdio (local) or http (remote). Defaults to stdio when run via npx/node, and to http in the Docker image. | No |
MCP_HTTP_PORT | Port for HTTP transport (default: 8080) | No |
MCP_HTTP_HOST | Bind address for HTTP transport (default: 0.0.0.0) | No |
AUTH_MODE | env (read credentials from environment) or gateway (read per-request credentials from HTTP headers). Default: env. | No |
Alternative: When AUTH_MODE=gateway, the MCP Gateway injects credentials per request via HTTP headers instead of environment variables. See Remote Deployment.
JWT for document-folder operations
A handful of operations need more than an API key. IT Glue gates document folders behind a user-session JWT — the API-key scope can read and create documents, but it cannot enumerate folder names. Tools affected:
list_document_folders— fails without a JWT.create_document— works without a JWT (falls back to a URL/ID folder prompt), but only offers the friendlier name-based folder picker when a JWT is present.
Provide the JWT in whichever way matches your deployment:
| Mode | How to supply the JWT |
|---|---|
Local / env (AUTH_MODE=env) | Set the ITGLUE_JWT environment variable. |
Remote gateway (AUTH_MODE=gateway) | Send the X-ITGlue-JWT request header. |
| Interactive clients (Claude Desktop/Code) | Leave it unset — the server prompts you to paste a JWT on first use and caches it for the session. |
Headless deployments (Docker, cloud): there is no one to answer the interactive prompt, so you must set
ITGLUE_JWT(env mode) or sendX-ITGlue-JWT(gateway mode) for folder enumeration to work.
Retrieving a JWT from your browser:
- Sign in to IT Glue in your browser.
- Open DevTools → Network tab.
- Click any request to
itg-api-*.itglue.com. - Copy the value of the
Authorization: Bearer <token>request header — the<token>part is your JWT.
Expiry: IT Glue JWTs are short-lived (~2 hours). A JWT placed in
ITGLUE_JWTon a long-running container will go stale and folder enumeration will start failing until it is refreshed. Interactive clients are simply re-prompted on expiry. API-key-only operations (everything except folder enumeration) are unaffected.
Available Tools
Organizations
- search_organizations - Search for organizations with optional filtering by name, type, status, or PSA ID
- get_organization - Get a specific organization by ID
Configurations (Devices/Assets)
- search_configurations - Search for configurations with filtering by organization, name, type, status, serial number, RMM ID, or PSA ID
- get_configuration - Get a specific configuration by ID
Passwords
- search_passwords - Search for password entries (metadata only, no actual passwords in results)
- get_password - Get a specific password entry including the actual password value
Documents
- search_documents - Search for documents with filtering by organization or name
- list_document_folders - List an organization's document folders (names and IDs). Requires a JWT — see JWT for document-folder operations
Flexible Assets
- search_flexible_assets - Search for flexible assets (requires flexible_asset_type_id)
Utility
- itglue_health_check - Verify connectivity to IT Glue API
Usage with Claude Code
Add to your .mcp.json:
{
"mcpServers": {
"itglue": {
"command": "npx",
"args": ["@wyre-technology/itglue-mcp"],
"env": {
"ITGLUE_API_KEY": "${ITGLUE_API_KEY}",
"ITGLUE_REGION": "us"
}
}
}
}
Or with Docker (local stdio):
{
"mcpServers": {
"itglue": {
"command": "docker",
"args": [
"run", "--rm", "-i",
"-e", "MCP_TRANSPORT=stdio",
"-e", "ITGLUE_API_KEY",
"ghcr.io/wyre-technology/itglue-mcp:latest"
],
"env": {
"ITGLUE_API_KEY": "${ITGLUE_API_KEY}"
}
}
}
}
Note: The Docker image defaults to HTTP transport. The
-e MCP_TRANSPORT=stdioabove is required to run it as a local stdio server for Claude Desktop/Code. For server deployments, see Remote Deployment below.
Remote Deployment (HTTP Streamable)
For server/cloud deployments, run the server with the HTTP Streamable transport. The Docker image already defaults to MCP_TRANSPORT=http on port 8080, exposing two endpoints:
POST /mcp— MCP Streamable HTTP endpoint (stateless: a fresh server is created per request)GET /health— unauthenticated health check
Env mode (single tenant)
Credentials come from environment variables. Use this when one API key serves the deployment:
docker run -d \
--name itglue-mcp \
-p 8080:8080 \
-e ITGLUE_API_KEY="ITG.xxxxxxxx" \
-e ITGLUE_REGION="us" \
--restart unless-stopped \
ghcr.io/wyre-technology/itglue-mcp:latest
# Verify
curl http://localhost:8080/health
# {"status":"ok","transport":"http","authMode":"env",...}
Clients connect to http://<host>:8080/mcp using the MCP Streamable HTTP transport.
Gateway mode (multi-tenant / hosted)
When deployed behind an MCP Gateway (e.g. mcp.wyre.ai), set AUTH_MODE=gateway. Credentials are then injected per request via HTTP headers rather than environment variables:
docker run -d \
--name itglue-mcp \
-p 8080:8080 \
-e AUTH_MODE=gateway \
--restart unless-stopped \
ghcr.io/wyre-technology/itglue-mcp:latest
The gateway supplies credentials on each request via these headers:
| Header | Description | Required |
|---|---|---|
X-ITGlue-API-Key (or X-API-Key) | IT Glue API key | One of API-Key or JWT |
X-ITGlue-JWT | JWT for elevated-scope operations | One of API-Key or JWT |
X-ITGlue-Region | API region: us, eu, or au (default: us) | No |
X-ITGlue-Base-URL | Override the IT Glue API base URL | No |
Requests missing both X-ITGlue-API-Key and X-ITGlue-JWT receive a 401. The /health endpoint reports "authMode":"gateway" in this mode.
Running without Docker
The same transport works from an installed/built copy by setting MCP_TRANSPORT=http:
MCP_TRANSPORT=http MCP_HTTP_PORT=8080 ITGLUE_API_KEY="ITG.xxxxxxxx" \
npx @wyre-technology/itglue-mcp
Example Queries
Once configured, you can ask Claude:
- "Search for organizations containing 'Acme' in IT Glue"
- "Get the configuration details for device ID 12345"
- "Find all passwords for organization ID 100"
- "Search for flexible assets of type 54321"
Security Notes
- Password search results do not include actual password values for security
- Use
get_passwordwith explicit ID to retrieve password values - Store your API key securely using environment variables or a secrets manager
- The API key should have appropriate read permissions in IT Glue
License
Apache-2.0
Contributing
See CONTRIBUTING.md for guidelines.
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Fetch
Freeby Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
80.0K
Stars
4
Installs
5.3
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
508
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
68
Installs
10.0
Security
4.6
Local