Shared Resources

Organizations enable teams to share catalogs and credentials. Resources owned by the organization are accessible to all members based on their roles, ensuring consistent access without individual configuration.

How Sharing Works

When you create resources under an organization:

1. The org owns it — Resources belong to the organization, not individuals
2. Members inherit access — Role determines what each member can do
3. Credentials stay secure — Shared credentials use the org’s vault, not personal vaults
4. Resources persist — If a member leaves, org resources remain

Shared Catalogs

Creating Org Catalogs

When creating a catalog, select your organization as the owner:

1. Click Create → Catalog
2. Choose your organization from the owner dropdown
3. Configure the catalog
4. Click Create

The catalog is now accessible to all org members.

Catalog URL

Organization catalogs use the org handle:

https://mcp.toolcog.com/{org-handle}/{catalog-name}

All team members can use this same URL in their MCP clients.

Access by Role

• View — See catalog configuration and operations
• Use — Execute operations via MCP
• Edit — Modify sources, overrides, variables
• Delete — Remove the catalog

Shared Credentials

Organization credentials are stored in the org’s vault, separate from personal vaults.

How Org Credentials Work

1. Single source — One credential set for the whole team
2. Automatic application — Toolcog applies credentials when any member executes operations
3. Centralized management — Admins manage credentials in one place
4. No individual setup — Members don’t configure personal API keys

Setting Up Shared Credentials

For OAuth Services

1. Navigate to the org’s catalog
2. Go to Auth Schemes
3. Find the service (GitHub, Stripe, etc.)
4. Click Connect
5. Complete the OAuth flow

The credential is stored in the org vault. When any member executes operations requiring this auth, Toolcog uses the org credential.

For API Keys

1. Navigate to the org’s catalog
2. Go to Auth Schemes
3. Find the API key auth
4. Click Add Key
5. Enter the API key

The key is encrypted and stored in the org vault.

Credential Access by Role

“Metadata only” means seeing that a credential exists, its name, and when it was created—not the actual secrets.

Personal vs Organization Credentials

When a member executes an operation:

1. Toolcog checks for org credentials first
2. Falls back to personal credentials if no org credential exists
3. Prompts for authorization if neither exists

This means members can still use personal credentials for services not set up at the org level.

Shared APIs

Uploading Org APIs

Upload private APIs under your organization:

1. Click Create → API
2. Choose your organization as the owner
3. Upload your OpenAPI spec
4. Set visibility (public or private)

Private org APIs are only visible to org members.

Private API Sharing

For internal APIs you don’t want public:

• Upload under the organization
• Set visibility to Private
• Only org members can discover and use these operations
• Include in org catalogs for team access

Resource Organization Patterns

Team-Specific Catalogs

Create catalogs for different teams or purposes:

acme/engineering     — Development tools and APIs
acme/sales           — CRM and sales APIs
acme/finance         — Payment and accounting APIs

All are org-owned, but serve different teams. Members use whichever catalogs they need.

Environment Separation

Use variables for environment separation:

acme/services?env=production
acme/services?env=staging

Same catalog, different configurations. See Variables.

Layered Access

Combine public and private sources:

1. Start with global catalog (100,000+ public operations)
2. Add org-private APIs
3. Apply org-specific overrides
4. Share with team

Members get public APIs plus internal tools in one catalog.

Managing Shared Resources

Viewing All Org Resources

From your organization page:

• Catalogs tab — All org-owned catalogs
• APIs tab — All org-owned APIs
• Members tab — Who has access

Transferring Resources

To move a resource from personal to org ownership:

1. Currently: Delete and recreate under org
2. Future: Transfer ownership directly

Cleanup When Members Leave

When you remove a member:

• They lose access to all org resources immediately
• Credentials they created for the org stay with the org
• Their personal resources remain in their personal account
• Audit logs retain their activity history

Best Practices

Credential Management

• Use org credentials for team services — Avoid members creating personal credentials for shared APIs
• Limit admin access — Only admins can manage credentials
• Review periodically — Check what’s connected and revoke unused credentials

Catalog Organization

• Name clearly — Use descriptive names that indicate purpose
• Document in descriptions — Explain what each catalog is for
• Use consistent patterns — {org}/{purpose} or {org}/{team}

Access Control

• Start with Member role — Most team members only need to use resources
• Promote to Admin sparingly — Admins can modify shared resources
• Review roles regularly — Adjust as responsibilities change

Onboarding New Members

When adding someone to the org:

1. Invite with appropriate role
2. Share the MCP server URLs they need:

   https://mcp.toolcog.com/{org}/{catalog}

3. Point them to relevant documentation
4. Org credentials work automatically—no setup needed

Next Steps

• Organization Accounts — Create an organization
• Team Management — Invite and manage members
• Creating a Catalog — Set up shared catalogs