Set up the incident.io MCP server

The incident.io MCP server lets AI agents create and update incidents, manage alerts, handle escalations, and interact with on-call schedules. This guide covers enabling the Remote MCP feature in incident.io and connecting it to MintMCP.

Prerequisites

• A MintMCP admin account
• An incident.io account (Pro or Enterprise plan recommended for AI features)

Enable the Remote MCP server

1. Log in to your incident.io dashboard.
2. Go to Settings → MCP.
3. Enable the Remote MCP server.

Add incident.io to MintMCP

Per-user OAuth (recommended)

Per-user OAuth lets each team member authenticate with their own incident.io account. Actions are attributed to that user and respect their dashboard permissions.

1. In MintMCP, go to MCP store > Manage store.
2. Find the incident.io MCP server and click to configure it.
3. Select OAuth and click Save.

API key

incident.io API keys are org-level service tokens — one key is shared across all tool calls and actions run as a service actor, not as any individual user. Use this option for automated agents and pipelines.

Generate an API key

1. In your incident.io dashboard, go to Settings → API keys.
2. Click New API key.
3. Enter a name — for example, MintMCP.
4. Select the account-level roles the key should have. Grant only the roles your agents need — for example, incident_creator and incident_editor to create and update incidents.
5. Click Create. Copy the key immediately — it is shown only once.

Configure in MintMCP

1. In MintMCP, go to MCP store > Manage store.
2. Find the incident.io MCP server and click to configure it.
3. Select API key, paste the key, and click Save.

Security considerations

• API keys are shown only once at creation — copy the value immediately.
• API keys do not expire until deleted. Rotate them if they are compromised.
• Grant each key only the roles it needs — a key can only be granted roles within its creator's own role scope.
• The api_keys_manage permission required to create keys can only be granted from the dashboard, not via the API.
• Per-user OAuth ties actions to individual identities and permissions. An API key runs as a service actor — its actions are not attributed to a specific person.

Next steps

• Tool customization — Control which incident.io tools are exposed to users
• MCP gateway administration — Manage access and permissions