Airbyte MCP

Live

OAUTH 2.1

DATA PIPELINES

Automation

Airbyte MCP gives agents authenticated access to your data pipelines: list sources, wire new connectors, and query synced data across every workspace.

  • Per-user credentials: each call uses the actual user's token, never a shared bot.
  • Encrypted per-tenant vault: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: pre-call scope check, 90-day SIEM-exportable audit chain.
Airbyte MCP
agent · Acme Q3
Run
Which data sources are connected, and is the Salesforce sync healthy?
S
airbytemcp_list_created_connectors
92ms
Airbyte agent
6 sources connected. Salesforce sync healthy, last run 07:12 UTC, 48,210 records moved. Zendesk needs reauth.
Sources: 6 connectors, workspace prod
airbytemcp
6 connectors
18:29
Message Claude...

Tools your data agent reaches for on Airbyte, scoped per user.

CALL ANY TOOL
Manage data pipelines end to end: discover connector types, run credential flows, inspect sources, and query synced data.
airbytemcp_list_created_connectors
List connected sources
List the user's connected data sources (Salesforce, HubSpot, Zendesk, Jira, databases). Returns the connector IDs needed for inspect, docs, and execute calls.
Parameters
Name
Type
Required
Description
workspace_name
string
Optional
Optional workspace name to list connectors for.
airbytemcp_list_available_connectors
List connector types
airbytemcp_get_connector_template
Get connector template
airbytemcp_start_credential_flow
Start credential flow
airbytemcp_check_credential_flow_status
Check flow status
airbytemcp_inspect_connector
Inspect source
airbytemcp_execute
Query synced data
Build your Agent
Same auth pattern across LangChain, OpenAI, Anthropic, and Google ADK.
Python · LlamaIndex
import { ScalekitClient } from "@scalekit-sdk/node";
import { createReactAgent } from "@langchain/langgraph/prebuilt";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);

// Airbyte tools scoped to this user
const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["airbytemcp"], toolNames: [
    "airbytemcp_list_created_connectors",
    "airbytemcp_inspect_connector",
    "airbytemcp_execute"] },
  pageSize: 100,
});

const agent = createReactAgent({ llm, tools });
await agent.invoke({ messages: [{ role: "user", content: "Is the Salesforce sync healthy?" }] });
import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["airbytemcp"] }, pageSize: 100,
});

const res = await openai.chat.completions.create({
  model: "gpt-5",
  messages: [{ role: "user", content: "Which data sources are connected?" }],
  tools,
});

// Execute the tool call with the user's vaulted Airbyte credential
await sk.tools.executeTool(res.choices[0].message.tool_calls[0], "user_123");
import Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["airbytemcp"] }, pageSize: 100,
});

const msg = await anthropic.messages.create({
  model: "claude-sonnet-5",
  max_tokens: 1024,
  messages: [{ role: "user", content: "Pull open Zendesk tickets created this week." }],
  tools,
});

// Tool call runs with the user's vaulted Airbyte credential
await sk.tools.executeTool(msg.content, "user_123");
import { Agent } from "@google/adk/agents";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["airbytemcp"] }, pageSize: 100,
});

const agent = new Agent({
  name: "airbyte_data_agent",
  model: "gemini-2.5-pro",
  instruction: "Manage Airbyte pipelines for the signed-in user.",
  tools,
});

await agent.run("What auth does the Shopify connector need?");
Try these prompts
Copy any prompt into your agent. Each maps directly to an Airbyte tool. Click to copy, paste into your agent, done.
Pipeline health
Copy the prompt
Copied
Which data sources are connected right now?
Copy the prompt
Copied
Is the Salesforce sync healthy? When did it last run?
Copy the prompt
Copied
Inspect the Zendesk connector and flag any warnings.
Wire new sources
Copy the prompt
Copied
Connect a new Postgres source to the prod workspace.
Copy the prompt
Copied
What auth does the Shopify connector need?
Copy the prompt
Copied
Start a credential flow for HubSpot and send me the link.
Query synced data
Copy the prompt
Copied
Pull open Zendesk tickets created this week.
Copy the prompt
Copied
How many Salesforce opportunities closed this month?
Copy the prompt
Copied
Search Jira issues mentioning churn from the last sprint.
SEE HOW AUTH WORKS
Your users connect once. Their Airbyte credentials stay vaulted, every call is scope-checked, and every action is logged.
1
Authorize
Your user connects
Airbyte MCP
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
Airbyte MCP
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
Airbyte MCP
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
Airbyte MCP
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other data connectors.
ENGINEERING
DevOps assistant agent
Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.
ENGINEERING
Slack workflow agent (LangGraph)
LangGraph agent that drives multi-step Slack workflows: triggers, approvals, and follow-up actions per user identity.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with identity, scope enforcement, and audit. Connectors follow.
01.
Shared tokens break per-user analytics
A shared Airbyte token looks fine in a demo. In production every pipeline change looks like one service account, and you cannot tell who wired a source or ran a query. Scalekit resolves the credential of the actual user who triggered the agent, never a shared bot.
// shared token
audit → bot_service_account

// scalekit
audit → user_abc ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
Airbyte today. Ten connectors tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent access Airbyte as the user or through a shared key?
As the user. Scalekit resolves the credential of the person who triggered the agent at request time, so every pipeline change and query in your audit trail is attributed to a real user, not a shared service account.
Where is the Airbyte token stored?
In an AES-256 encrypted vault with per-tenant namespacing. Tokens are resolved at request time, never enter LLM context, refresh automatically, and can be revoked from one dashboard.
Can I limit what the agent does in Airbyte?
Yes. Filter by tool name in listScopedTools to expose only what you want, for example read-only inspection without execute or delete. Scalekit also enforces scope checks before every API call.
What happens when a user revokes access?
The credential is invalidated at the next tool call. The call fails closed, other users' connections are unaffected, and the revocation is logged in the audit chain.
How do agents pass source credentials like database passwords?
They never do. Airbyte's start_credential_flow returns a browser URL where the user enters secrets directly, and Scalekit vaults the resulting connection. Neither your agent nor the LLM ever sees a raw credential.
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""airbytemcp"": {
""url"": ""https://mcp.scalekit.com/airbytemcp"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.airbytemcp]
url = ""https://mcp.scalekit.com/airbytemcp""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""airbytemcp"": {
""url"": ""https://mcp.scalekit.com/airbytemcp"",
""type"": ""http""
}
}
}