For the complete documentation index, see llms.txt. This page is also available as Markdown.

πŸ”’Safety & Security

How the Dapta MCP keeps your data safe: workspace isolation, preview-then- commit on every write, and one-key-per-workspace key hygiene.

The Dapta MCP is built so you can hand it to an AI client without worrying about surprise changes or cross-account leaks. Three guarantees back that up.


Workspace isolation

Every call is scoped to the workspace tied to your API key. You cannot read or change another workspace's data. The MCP resolves your workspace from the key itself, so there is no way to point it at someone else's account by passing a different ID.


Preview, then commit on all writes

No create, update, or execute happens without a preview you can review first. When Claude is about to change something, it shows you exactly what will change and returns a preview token. Nothing is written until you confirm and a matching commit step runs.

The single exception is creating a brand-new voice agent, which is created directly once you have supplied the details. Every other write goes through preview, then commit.


One key per workspace, shown once

Treat the key like a password.

  • One active key per workspace. Revoke the existing key before minting a new one.

  • Shown once. Keys are displayed only at mint time. Save yours immediately.

  • Owner-only. Only workspace owners can mint or revoke keys.

  • Revoke and re-mint if a key is ever exposed.

The MCP Access page showing an active key with a truncated prefix, an ACTIVE pill, and a Revoke button
The active key on the MCP Access page. The full key is never shown again after mint time. Use Revoke to invalidate it.

🧩Key ConceptsπŸ”‘Mint your API key

Last updated