Currently the MCP Server uses a single API key, meaning all actions are performed as the sysadmin account regardless of who the actual end user is. This creates both security and audit trail issues.
Requested improvements:
  • OAuth authentication – Allow end users to authenticate with their own Helpjuice credentials so actions are attributed to the correct user.
  • Tool scopes/permissions – Add the ability to configure which tools are exposed to different users or integrations. For example, restrict access to sensitive operations like user management (Users) and webhooks (Webhooks) while allowing read-only article access.
Why this matters:
  • Proper audit trails showing who actually made changes
  • Principle of least privilege – not every integration needs full admin access
  • Enables safer deployment in multi-user environments (e.g., AI assistants with multiple end users)
  • Possibility for custom tool clusters (e.g. one MCP connection that only allows for searching the KB, another to only create new drafts, another that allows editing published articles and so on).
This could revolutionize how we create, update and handle content in our KB.
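
A sketch of the requested model, added here as an illustration and not taken from Helpjuice or its MCP Server: each session carries the authenticated user and a tool profile, tools are denied by default, and every call is logged against the real user. All tool names, scope names and profile names are hypothetical.

```python
# Added illustration: deny-by-default tool scoping for an MCP server.
# Every tool, scope and profile name below is hypothetical.
from dataclasses import dataclass, field

# Each tool declares the single scope required to call it.
TOOL_SCOPES = {
    "search_articles": "articles:read",
    "create_draft": "articles:draft",
    "update_published_article": "articles:publish",
    "manage_users": "users:admin",
    "manage_webhooks": "webhooks:admin",
}

# Tool clusters: one connection profile per use case.
PROFILES = {
    "kb-search": {"articles:read"},
    "draft-writer": {"articles:read", "articles:draft"},
    "editor": {"articles:read", "articles:draft", "articles:publish"},
}

@dataclass
class Session:
    user: str      # identity from the user's own login, not a shared API key
    profile: str
    audit_log: list = field(default_factory=list)

    def granted(self):
        # An unknown profile yields no scopes at all (deny by default).
        return PROFILES.get(self.profile, set())

    def list_tools(self):
        """Advertise only the tools this session is allowed to call."""
        return sorted(t for t, s in TOOL_SCOPES.items() if s in self.granted())

    def call(self, tool, **args):
        """Re-check at call time; hiding a tool from the list is not enforcement."""
        required = TOOL_SCOPES.get(tool)
        allowed = required is not None and required in self.granted()
        # Denied attempts are recorded too, attributed to the real user.
        self.audit_log.append({"user": self.user, "tool": tool, "allowed": allowed})
        if not allowed:
            raise PermissionError(f"{self.user} may not call {tool}")
        return {"tool": tool, "actor": self.user, "args": args}
```
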