Now that 8.3.5 has shipped without the MCP module, can anyone from IA give an updated target release? Is 8.3.6 the current plan, or has the timeline shifted further out? Trying to factor this into some architecture planning on our end.
Hi, we are planning to release the module with our 2027 release next February.
I'll add that the early access release here will continue working with 8.3 indefinitely, it just won't get any new features added to it. The version of the module released with 2027 will have a proper web UI for configuration and some first-party tools.
On MCP / AI use --- this can end up with adding folders/files within the ignition installation directory / within the project directory eg .md files etc. are these preserved with a gateway backup/restore or does the gateway backup only keep "real" ignition files?
Random files added to the data directory are "undefined behavior" - from what I remember they'll be preserved right now, unless they match certain ignore patterns (hidden files, certain specific filenames) but I wouldn't recommend planning on that behavior staying the same indefinitely.
If you want to guarantee something is restored, you could pretend you're a module and use one of the namespaced folders-by-module-id in the data directory, e.g.
/data/var/my.made.up.module.id/
On the other side I would like a way to clear out a gateway backup of any extra / junk files.
Ignore this post
I'm an idiot and didn't uncheck the box "Require secure connections for API Keys"and therefore was getting a "Forbidden" error when trying to connect to the MCP server...
I've been playing around with this a bit, pretty cool so far!
For me, I had to uncheck the https requirement for the API key before my client could connect. I haven't tried secure communications yet, but I'm using a test environment.
Also, for anyone using Codex as their client, here's what to add to the config.toml file:
[mcp_servers.ignition]
transport = "http"
url = "``http://localhost:8088/data/mcp/testing``"
[mcp_servers.ignition.headers]
X-Ignition-API-Token = "your-token-here"
This looks primarily designed to interact with a runtime environment, is there any roadmap for an MCP server with the SDK to enable clients to assist in application development?
I've been working through the MCP Early Access setup and have hit a wall with authentication. Hoping someone can point me in the right direction.
Setup:
- Ignition 8.3.6 (b2026042713)
- MCP Module v1.3.5-SNAPSHOT (b2026021307)
- Claude Code as the MCP client
- Connecting via HTTP on localhost:8088
- Project named 'testing', inheritable = false
- Server config created manually at
data/config/resources/core/com.inductiveautomation.mcp/server-config/testing/
Problem:
Every request to http://localhost:8088/data/mcp/testing returns 403 Forbidden regardless of authentication method tried (API key, Basic Auth, no auth). The MCP Server Config shows in Platform Overview with enabled=true but Last Updated and Status both show N/A.
I also tested the API key against /data/api/v1/gateway-info and get the same 403.
What I've tried:
- Setting permissions in config.json to both
AuthenticatedandPublic - Created a fresh API key with the
Require secure connectionsunchecked - Restarting the gateway after each config change
- Using the full token including the
LLM:prefix
Question:
What security level/role does the API key need to access the MCP endpoint? In the API Key edit screen, the only option I can check is Authenticated under Security Level β I don't see a way to assign the Administrator role to the key directly. Is there an additional step needed to grant the API key sufficient permissions?
Create a new security level and grant the API key access to it, and then make sure that your MCP server is allowed. I believe there's some special casing on API keys so that they more or less don't work if only granted the base 'Authenticated' level.
Hey Paul, thanks for the tip on the custom security level β that got the API key working against the v1 endpoints.
Unfortunately I'm still stuck on the MCP endpoint itself. Even after updating the config to use the new security level and pushing it via the REST API (which accepted it fine), the /data/mcp/testing endpoint still returns 404 and the Platform Overview still shows N/A for both Last Updated and Status.
One thing I noticed β I'm running gateway build b2026042713 (April 2026) but the MCP module I downloaded is v1.3.5-SNAPSHOT (b2026021307) from February. Could the version mismatch be causing the endpoint to not register at all? Is there a newer module build available that matches the April gateway nightly?
The module hasn't changed and will work on any base Ignition version 8.3.5+.
Can you try another MCP client, or show your full config with the actual key redacted?
Testing the MCP Module with claude code and claude desktop. After some trial and error I have gotten to a point where i can get a 406 response in Claude Code, and a 403 response in Claude desktop. Based on the results in claude code I'm connecting to the server but my Accept header is not correct.
config.json in ignition
{
"title": "testing",
"version": "1.0.0",
"permissions": {
"type": "AllOf",
"securityLevels": [
{
"children": [],
"name": "Authenticated"
}
]
},
"tools": {
"project/$launchpad-oee": "*"
},
"resources": {},
"prompts": {}
}
resource.json in Ignition
{
"scope": "A",
"version": 1,
"restricted": false,
"overridable": true,
"files": [
"config.json"
],
"attributes": {
"uuid": "4895f9b3-eeb1-436f-b327-e54ab873db86"
}
}
claude_desktop_config.json settings. Claude desktops implementation for hitting http servers is different from claude code, so thats why this mcp server config looks different
{
"mcpServers": {
"ignition": {
"command": "npx",
"args": [
"mcp-remote@latest",
"http://localhost:8088/data/mcp/testing",
"--header",
"X-Ignition-API-Token: <api key>"
]
}
}
My claude code implementation looks like @paul-griffith s above
"mcpServers": {
"ignition": {
"type": "http",
"url": "http://localhost:8088/data/mcp/testing",
"headers": {
"X-Ignition-API-Token": <api key>
}
}
So im stuck. Based on the feedback from claude code, the Accept header is wrong, and thats why Ignition is rejecting the connection. Can anyone nudge me in the right direction?
Hey,
This is what I use for Claude Desktop and it works on my end :
{
"mcpServers": {
"ignition": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"http://localhost:8088/data/mcp/testing",
"--header",
"X-Ignition-API-Token:${AUTH_HEADER}"
],
"env": {
"AUTH_HEADER": "IGNITION KEY"
}
}
}
}
Maybe the -y is the missing piece ?
Update 2:
Paul, got an actual error in the logs after the last restart:
ERROR: Error starting module com.inductiveautomation.mcp
java.lang.NullPointerException: Cannot invoke "Object.hashCode()" because "<parameter1>" is null
at McpGatewayHook$PrimitiveRegistryImpl.getProvider(McpGatewayHook.java:525)
at HandlerFactory.filterPrimitives(HandlerFactory.java:88)
Looks like the module is crashing on startup trying to resolve the project provider from the tools map. Is project/testing the correct syntax for referencing a project named 'testing', or should it be something different?
Update 1:
Hey Paul, making some progress but still stuck on the 403.
Good news is the config is now being read β I noticed the OPC-UA resource.json had lastModification and lastModificationSignature fields that mine was missing. Once I added those, the Last Updated column in Platform Overview started showing a value.
However the Status column is still N/A, and the endpoint still returns 403 regardless of what I put in the permissions block β I've tried Public, Authenticated, and a custom APIAccess level. Even with no auth header at all and Public permissions it still 403s.
The gateway logs filtered for 'mcp' only ever show module start/stop entries β nothing about loading the server config or registering the endpoint. I tried setting the logger to DEBUG but still nothing extra.
For what it's worth everything else looks correct:
- Project is named 'testing', inheritable = false, has a tool called get_gateway_status
- config.json and resource.json are in the right place
- API key works fine against v1 endpoints
Is the N/A status in the Status column expected? It feels like the module is loading the config but not actually activating the endpoint. Is there a step I'm missing between the config being read and the /data/mcp/testing endpoint becoming live?
Here are my current config files:
resource.json:
{
"scope": "A",
"version": 1,
"restricted": false,
"overridable": true,
"files": [
"config.json"
],
"attributes": {
"uuid": "4895f9b3-eeb1-436f-b327-e54ab873db86",
"lastModification": {
"actor": "admin",
"timestamp": "2026-05-21T10:00:00Z"
},
"lastModificationSignature": "ef922eba4ebd18d1b3d8073f9a4098c122164b1f11bbca59b445ac9e95a68173"
}
}
config.json:
{
"title": "Testing",
"version": "1.0.0",
"permissions": {
"type": "AllOf",
"securityLevels": [
{
"children": [],
"name": "Public"
}
]
},
"tools": {
"project/testing": "*"
},
"resources": {},
"prompts": {}
}
claude_desktop_config.json:
{
"mcpServers": {
"ignition": {
"command": "cmd",
"args": [
"/C",
"npx",
"-y",
"mcp-remote",
"http://localhost:8088/data/mcp/testing",
"--header",
"X-Ignition-API-Token:LLM:*****"
]
}
}
}
Original:
Hey Paul, still stuck. Here's where we are:
-
Deleted and recreated the config files from scratch
-
Tried
Public,Authenticated, and a customAPIAccesssecurity level in config.json -
Even with
Publicpermissions and no auth header at all, still getting 403 -
Platform Overview shows the testing server as enabled=true but Last Updated and Status are both N/A
It seems like the module sees the config exists but isn't actually loading it. The 403 persists regardless of permissions, which makes me think the config isn't being read at all. Is the N/A status expected, or does it indicate the config isn't being picked up? Is there anything special about how the config files need to be structured or named for the module to load them?
No luck I'm afraid. Thanks for the suggestion.
I have confirmed I can hit /data/api/v1/gateway-info and receive a good response, so it must be something with my mcp server set up.
Final Update, got it working!:
After my last post where I was still getting 403s, here's what finally fixed it:
The permissions issue: Paul's tip about creating a custom security level was the key. The base Authenticated level has some special casing that prevents API keys from working with the MCP endpoint. Once I created a new security level (I called it APIAccess) under Authenticated, assigned it to the API key, and referenced it in the config.json permissions block, the 403 went away.
The NullPointerException: At one point I accidentally set the tools map to empty {} while troubleshooting, which caused the module to crash on startup with a NullPointerException in HandlerFactory.filterPrimitives. This is just a bug triggered by an empty or invalid tools map β make sure project/yourProjectName: "*" is in there and the project actually exists and is not inheritable.
The resource.json: I also discovered that the lastModification and lastModificationSignature fields need to be present in resource.json for Ignition to properly load the config. Without them, the Platform Overview shows N/A for Last Updated and Status and the endpoint stays dead even though it appears enabled.
Claude Desktop: For anyone on Windows, use the direct download from claude.ai/download rather than the Microsoft Store version. The Store version sandboxes the config file differently and kept overwriting my MCP settings. Also use mcp-remote via npx as the bridge β make sure there's no space after the colon in the header value or it breaks.
Here are my working config files for reference:
resource.json:
json
{
"scope": "A",
"version": 1,
"restricted": false,
"overridable": true,
"files": ["config.json"],
"attributes": {
"uuid": "4895f9b3-eeb1-436f-b327-e54ab873db86",
"lastModification": {
"actor": "admin",
"timestamp": "2026-05-21T10:00:00Z"
},
"lastModificationSignature": "ef922eba4ebd18d1b3d8073f9a4098c122164b1f11bbca59b445ac9e95a68173"
}
}
config.json:
json
{
"title": "Testing",
"version": "1.0.0",
"permissions": {
"type": "AllOf",
"securityLevels": [
{
"children": [],
"name": "APIAccess"
}
]
},
"tools": {
"project/testing": "*"
},
"resources": {},
"prompts": {}
}
claude_desktop_config.json:
json
{
"mcpServers": {
"ignition": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"http://localhost:8088/data/mcp/testing",
"--header",
"X-Ignition-API-Token:[REDACTED]"
]
}
}
}
Thanks Paul for the security level tip, that was the breakthrough!
Tried matching your configuration exactly and still can't get the connection to work. Is the APIAccess level under Authenticated or is it separate?

