Affinda MCP

Live

API KEY

AI

Files & Documents

Affinda MCP turns documents into structured data: extract and validate invoices, resumes, and contracts from your agent.

  • Per-user credentials: each call uses the actual user's token, never a shared bot.
  • Encrypted per-tenant vault: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: pre-call scope check, 90-day SIEM-exportable audit chain.
Affinda MCP
agent · Acme Q3
Run
Add Connection To Integration in Affinda MCP
S
affindamcp_add_connection_to_integration
85ms
Affinda MCP agent
Attach an existing service connection to an integration..
Sources: Affinda MCP
affindamcpmcp
1 tool call
18:29
Message Claude...

Tools your agent reaches for on Affinda, scoped per user.

CALL ANY TOOL
Upload, extract, validate, and integrate structured data from invoices, resumes, and contracts.
affindamcp_add_connection_to_integration
Attach an existing service connection to an integration.
Attach an existing service connection to an integration.
Parameters
Name
Type
Required
Description
connection_id
string
Required
No description.
integration_id
string
Required
No description.
affindamcp_archive_documents
Move documents to ``archived`` state.
affindamcp_assign_document_type_to_workspace
Make a document type available for use in a workspace.
affindamcp_bulk_create_data_source_values
Append many new rows to a data source in one call.
affindamcp_bulk_create_fields
Create many fields on a document type in one call.
affindamcp_confirm_documents
Mark documents as validated, moving them from ``review`` to
affindamcp_create_api_token
Create a new long-lived affinda api key for the current user
affindamcp_create_connect_token
Mint an oauth connect token + url so the user can authorise
affindamcp_create_data_source
Create an empty data source (lookup table) in an organizatio
affindamcp_create_data_source_value
Add one new row to a data source.
affindamcp_create_document_type
Create a new document type (extraction template) in an organ
affindamcp_create_field
Create a single field on a document type.
Build your Agent
Same auth pattern across LangChain, OpenAI, Anthropic, and Google ADK.
Python · LlamaIndex
from langchain_mcp_adapters.client import MultiServerMCPClient
from scalekit import ScalekitClient

client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="affindamcp")

mcp = MultiServerMCPClient({
"affindamcp": {
"url": "https://mcp.scalekit.com/affindamcp",
"headers": {"Authorization": "Bearer " + token}
}
})
tools = await mcp.get_tools()
import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";

const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "affindamcp" });

const openai = new OpenAI();
// Connect to MCP at https://mcp.scalekit.com/affindamcp
// Pass: Authorization: Bearer + token
import Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";

const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "affindamcp" });

const anthropic = new Anthropic();
// Connect to MCP at https://mcp.scalekit.com/affindamcp
// Pass: Authorization: Bearer + token
from google.adk.agents import LlmAgent
from scalekit import ScalekitClient

client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="affindamcp")
# Connect to MCP at https://mcp.scalekit.com/affindamcp
# Pass: Authorization: Bearer + token
Try these prompts
Copy any prompt into your agent. Each maps directly to a Affinda tool. Click to copy, paste into your agent, done.
Get started
Copy the prompt
Copied
Block until every document in a workspace has finished processing?
Copy the prompt
Copied
Update one or more settings on an existing workspace?
Advanced
Copy the prompt
Copied
Verify a service connection’s credentials are still valid?
Copy the prompt
Copied
Create or update a secret on an integration?
SEE HOW AUTH WORKS
Your users connect once. Their Affinda credentials stay vaulted, every call is scope-checked, and every action is logged.
1
Authorize
Your user connects
Affinda MCP
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
Affinda MCP
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
Affinda MCP
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
Affinda MCP
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other connectors.
No items found.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with identity, scope enforcement, and audit. Connectors follow.
01.
Shared tokens break per-user analytics
A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential.
// shared token
audit → bot_service_account

// scalekit
audit → user_abc ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
One connector today. Ten tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions

Does the agent access Affinda as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the Affinda API key stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in Affinda?
Yes. Pass a tool name filter to listScopedTools so the document agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Affinda.

What happens when a user revokes Affinda access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

Where do parsed documents and extracted data live?
In the authorizing user's Affinda workspace. Uploads, extractions, and validations follow workspace membership, so invoices and resumes never cross tenant boundaries.

Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""affindamcp"": {
""url"": ""https://mcp.scalekit.com/affindamcp"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.affindamcp]
url = ""https://mcp.scalekit.com/affindamcp""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""affindamcp"": {
""url"": ""https://mcp.scalekit.com/affindamcp"",
""type"": ""http""
}
}
}