# Enterprise MCP And API Access

## Direct Answer

Yes, Video Media Factory has MCP servers:

- Main server: `services/mcp_server.py`
- Video repurpose server: `services/mcp_video_repurpose_server.py`

The app also has REST API routes in `apps/ai-media-factory/api/server.js`.

The business truth: MCP exists, but it should not be publicly exposed to enterprise clients until an authenticated MCP gateway is added. REST API routes exist, but enterprise customer API-key management is not fully productized yet.

## MCP Access

Supported transports:

- `stdio` for private/local agent use.
- `streamable-http` for network-accessible MCP.

Main MCP environment:

```bash
MCP_TRANSPORT=streamable-http
MCP_HOST=127.0.0.1
MCP_PORT=8001
```

Repurpose MCP environment:

```bash
MCP_TRANSPORT=streamable-http
MCP_HOST=127.0.0.1
MCP_PORT=8002
```

Production rule: keep MCP private or behind an authenticated proxy until enterprise gateway auth is implemented.

## REST API Access

The API covers videos, clips, editing, dubbing, publishing, analytics, brand kits, team, billing, projects, assets, timelines, exports, jobs, and UGC rendering.

Current API-key status:

- Python auth service includes `/auth/register`, `/auth/login`, `/auth/me`, and `/auth/generate-key`.
- Python common auth supports bearer/API-key style access.
- Main Node API still needs customer key issuance, scopes, rate limiting, usage logs, and route enforcement.

## Build Before Enterprise Sale

1. Customer API Keys page.
2. `POST /api/enterprise/api-keys`.
3. `GET /api/enterprise/api-keys`.
4. `DELETE /api/enterprise/api-keys/:id`.
5. `POST /api/enterprise/api-keys/:id/rotate`.
6. Scopes: `videos:write`, `clips:write`, `analytics:read`, `publish:write`, `assets:write`, `billing:read`.
7. Per-key rate limits.
8. Per-key usage logs.
9. Audit trail for enterprise admins.
10. Authenticated MCP HTTP gateway.