Authentication and Permissions
Some actions, like searching docs or generating code samples, don’t require credentials. But if you want MCP to actually create or send documents in your PandaDoc account, you’ll need to give it an API key. This page explains when and why.
When you need an API key
- Not required: docs search, code help, workflow guidance.
- Required: creating, sending, or querying docs in your PandaDoc account.
Generate a key
- Generate a PandaDoc API key from your account settings.
Add the key in your AI tool
Once you've generated an API key, you'll need to paste it into your MCP client (Cursor, Windsurf, or Claude Desktop). Follow the setup steps in Getting started for each client.
Security best practices
- Treat your key like a password. Anyone with it can create, send, and manage documents in your account.
- Store your key securely. Use your tool’s secret storage or OS keychain, never paste it into a public file or chat.
- Change your key regularly. Regenerate and replace it every so often to reduce risk.
- Confirm before sending: In your MCP client (Cursor, Windsurf, Claude Desktop), enable the Confirm before sending setting. This adds a human approval step for create, send, and delete actions. The setting is managed in the client, not by the PandaDoc MCP server.
Updated 1 day ago