What is a Scoped Token?
A scoped token is a credential issued to a specific person or agent that grants access to a defined subset of resources — in MCP deployments, particular servers and tools — rather than everything the issuer can reach. Scoped tokens are typically time-bound and individually revocable, so access can be narrowed or withdrawn without affecting anyone else.
WHY IT MATTERS
The default failure mode in MCP fleets is the shared credential: one API key for the database server, pasted into every developer's client configuration. Everyone gets the same access, the audit log cannot tell people apart, and revoking the key for one leaver means rotating it for everyone. Scoped tokens replace that with per-person credentials, each carrying its own grant.
A useful scope has several dimensions:
- Who — the token is bound to a named person or agent, giving every tool call an identity (agent identity).
- What — which MCP servers, and which tools on those servers, the holder may call; a contractor might get read-only tools on two servers while the platform team gets more.
- When — an expiry, so stale grants age out instead of accumulating.
- Revocation — the token can be killed on its own, immediately, without a fleet-wide rotation.
Scoped tokens are the credential-layer expression of least privilege: they shrink the blast radius of a leaked credential or a misbehaving agent from "everything we have connected" to "what this one identity was granted". They pair naturally with policy enforcement — the token establishes who is calling and what they may reach; policy decides what each call may do.
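As an added illustration of the four scope dimensions above (not PolicyLayer's own code or API), the check below is what a gateway would run before forwarding a tool call: it binds the token to a subject, grants per-server tool lists, enforces expiry, honours per-token revocation, and writes an audit record attributed to the individual. Token ids, server names and the contractor identity are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class ScopedToken:
    """One credential, bound to one identity, carrying an explicit grant."""
    token_id: str
    subject: str          # who: the person or agent this token is bound to
    grants: dict          # what: MCP server -> frozenset of tool names the holder may call
    expires_at: datetime  # when: hard expiry, checked on every call
    revoked: bool = False # revocation: flips this token only, nobody else's

def authorize(token, server, tool, now):
    """Deny-by-default check; returns (allowed, reason) and the reason is audited."""
    if token.revoked:
        return False, "token revoked"
    if now >= token.expires_at:
        return False, "token expired"
    allowed = token.grants.get(server)
    if allowed is None:
        return False, f"server {server!r} not in scope"
    if tool not in allowed:
        return False, f"tool {tool!r} not in scope on {server!r}"
    return True, "ok"

def audit_record(token, server, tool, now):
    """Attribute the call to the individual holder, not to a shared key."""
    allowed, reason = authorize(token, server, tool, now)
    return {"ts": now.isoformat(), "subject": token.subject, "token_id": token.token_id,
            "server": server, "tool": tool, "allowed": allowed, "reason": reason}

def revoke(token):
    """Kill one token immediately; no fleet-wide rotation is needed."""
    token.revoked = True
    return token

# Constructed sample: a contractor gets read-only tools on two servers for one week.
ISSUED_AT = datetime(2025, 1, 1, tzinfo=timezone.utc)
CONTRACTOR = ScopedToken(
    token_id="tok_example_01",  # placeholder id, not a real token
    subject="contractor@example.com",
    grants={"db-server": frozenset({"query"}), "docs-server": frozenset({"search", "read"})},
    expires_at=ISSUED_AT + timedelta(days=7),
)
A_DAY_LATER = ISSUED_AT + timedelta(days=1)
AFTER_EXPIRY = ISSUED_AT + timedelta(days=8)

if __name__ == "__main__":
    print(audit_record(CONTRACTOR, "db-server", "drop_table", A_DAY_LATER))
```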
HOW POLICYLAYER USES THIS
Scoped tokens are a core PolicyLayer primitive. Administrators issue a per-person token from the dashboard that grants access to a chosen subset of the fleet's registered MCP servers and tools; the person drops it into their client configuration and routes through the gateway. Every call is then attributed to that individual in the audit trail, policies evaluate against their identity, and revoking the token cuts their access instantly — no shared keys to rotate.