3CX MCP Server

22 tools. 6 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

6 can modify or destroy data
16 read-only
22 tools total

Community server · catalogue entry verified 02/07/2026

How to control 3CX MCP Server ↓

What 3CX MCP Server exposes to your agents

Read (16) Write / Execute (5) Destructive / Financial (1)
Critical Risk

The most dangerous 3CX MCP Server tools

6 of 3CX MCP Server's 22 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control 3CX MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and 3CX MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_user": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "create_department": {
    "limits": [
      {
        "counter": "create_department_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "find_contact_by_phone": {
    "limits": [
      {
        "counter": "find_contact_by_phone_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register 3CX MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON 3CX →

Instant setup, no code required.

All 22 3CX MCP Server tools

READ 16 tools
Read find_contact_by_phone Use this when the user provides a specific phone number and wants to know who it belongs to: Read find_queues Use this when the user asks about call queues: Read find_users Use this when the user asks about people, extensions, or phone users. Searches across extension number, first Read get_active_calls Returns all currently active (live) calls on the 3CX system. Each call includes caller/callee info, duration, Read get_call_history Use this for ANY question about past calls: Read get_event_logs Returns system event logs from 3CX. Each entry has: Id, Type (Info/Warning/Error), EventId, Message. Filter ex Read get_extension_status Use this when the user asks Read get_forwarding_profiles Use this when the user asks Read get_queue_agents Use this when the user asks Read get_system_status Returns 3CX system overview. Fields: FQDN, Version, Activated, MaxSimCalls, ExtensionsRegistered, ExtensionsTo Read get_trunk_details Returns full configuration of a specific SIP trunk including registration details, codecs, routes, and authent Read get_user Use this when the user asks about ONE specific extension by number. Returns the complete user record including Read list_departments Returns all 3CX departments (called Read list_ring_groups Use this when the user asks about ring groups (not queues). Ring groups ring multiple extensions simultaneousl Read list_trunks Returns all SIP trunks configured on the 3CX system. Each trunk has: Id, Number, Name, IsOnline (registration Read search_contacts Use this when the user asks about contacts or the phonebook:

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about 3CX MCP Server

Can an AI agent delete data through the 3CX MCP Server MCP server? +

Yes. The 3CX MCP Server server exposes 1 destructive tools including delete_user. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through 3CX MCP Server? +

The 3CX MCP Server server has 5 write tools including create_department, create_user, set_forwarding_profile. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach 3CX MCP Server.

How many tools does the 3CX MCP Server MCP server expose? +

22 tools across 3 categories: Destructive, Read, Write. 16 are read-only. 6 can modify, create, or delete data.

How do I enforce a policy on 3CX MCP Server? +

Register the 3CX MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every 3CX MCP Server tool call.

Deterministic rules across all 22 3CX MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

22 3CX MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.