NetBird MCP. Manage your entire mesh network from chat.
NetBird controls your Zero Trust mesh network directly through conversation. Use this MCP to manage accounts, create users, define access policies, and configure resources without logging into a dashboard. It gives your AI agent full control over identity and network infrastructure.
Claude 
ChatGPT 
Cursor 
Gemini 
Windsurf 
VS Code 
JetBrains 
Vercel Give Claude and any AI agent real-world access
Using tools like list_users and create_user, your agent can track all users, invite new ones, or set up service accounts.
Your agent lets you define rules for traffic using tools like create_policy, ensuring only authorized services can communicate across the mesh network.
You can provision new infrastructure components by listing or creating networks, routers, and specific host subnets with tools like list_networks and create_network_resource.
Manage the full life cycle using functions that generate user invite links (create_user_invite), approve pending accounts (approve_user), or delete users entirely (delete_user).
Ask an AI about this
Waiting for input…
What AI agents can do with NetBird MCP with 89 Tools
These tools let you programmatically perform every administrative action needed to configure, monitor, or change your entire network topology.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using NetBird MCPAccept User Invite
Allows an unauthenticated user to accept an invite link and set a password.
Approve User
Approves the status of a pending user account.
Change User Password
Resets or changes a user's password through an embedded identity provider.
Create Group
Creates a new logical group for organizing users and resources.
Create Msp Tenant
Sets up a brand new managed service provider (MSP) tenant account.
Create Nameserver
Creates a dedicated group for nameservers within the network structure.
Create Network Resource
Adds an actual resource, such as a host subnet or domain name, to a specific network.
Create Network Router
Deploys a new router device within the overall network topology.
Create Network
Establishes an entirely new, isolated virtual network environment.
Create Policy
Defines a granular rule set specifying what protocols and ports are allowed between...
Create Posture Check
Sets up a security check that verifies parameters like OS version or geographic...
Create Route
Creates an outdated network route entry.
Create Setup Key
Generates a setup key, which can be used for one-time or reusable authentication access.
Create Temporary Access Peer
Creates temporary credentials allowing limited network access to a specific peer.
Create User Invite
Generates a unique link that can be shared with a new user to join the system.
Create User Token
Creates a new, secure personal access token for long-term use by an individual user.
Create User
Registers either a service account or invites a standard human user into the system.
Delete Account
Removes an entire NetBird account and all associated resources permanently.
Delete Group
Deletes a defined logical group from the network structure.
Delete Nameserver
Removes an entire nameserver grouping from service.
Delete Network Resource
Deletes a specific host, subnet, or domain resource.
Delete Network Router
Removes a router device from the network topology.
Delete Network
Deletes an entire virtual network environment, removing all contained resources.
Delete Peer
Delete a peer
Delete Policy
Removes a specific access policy rule set.
Delete Posture Check
Takes down an existing security posture verification check.
Delete Route
Removes an outdated network route entry.
Delete Setup Key
Invalidates and removes a previously generated setup key.
Delete User Invite
Removes an existing, unsent user invitation link.
Delete User Token
Revokes and deletes a personal access token for a specific user.
Delete User
Permanently removes a registered user from the network system.
Get Current User
Retrieves detailed information about the account currently authenticated and using...
Get Dns Settings
Fetches global settings related to DNS management for the network.
Get Group
Retrieves detailed information about a specified group.
Get Nameserver
Fetches all details regarding a specific nameserver grouping.
Get Network Resource
Retrieves the current configuration and status of a specified network resource.
Get Network Router
Fetches detailed operational data for a specific router device.
Get Network
Retrieves the overall configuration and status of a designated network.
Get Peer
Fetches detailed information about an individual connected peer device or user.
Get Policy
Retrieves the full details of a specific access policy rule set.
Get Posture Check
Fetches the current rules and status of a security posture verification check.
Get Public User Invite
Retrieves details about an invitation link that is publicly accessible without logging in.
Get Route
Retrieves outdated network route information.
Get Setup Key
Fetches the details of a specific setup key, confirming its status and use.
Get User Token
Retrieves information about a specific user access token.
Invite Msp Tenant
Sends an invitation to an existing account, turning it into a managed service...
List Accessible Peers
Lists all the network peers that are reachable from the current peer's location.
List Accounts
Retrieves a list of every NetBird account connected to the system.
List All Network Routers
Lists all routers deployed across every network in the environment.
List Audit Events
Retrieves a chronological list of all system audit events, showing who did what and...
List Cities
Returns a list of city names associated with a given country code.
List Countries
Provides all available ISO 3166-1 alpha-2 two-letter country codes.
List Groups
Lists every defined logical group within the network structure.
List Msp Tenants
Retrieves a list of all managed service provider tenants under the umbrella account.
List Nameservers
Lists every dedicated nameserver group configured in the network.
List Network Resources
Retrieves a list of all specific resources (subnets, domains) within a given network.
List Network Routers
Lists every router device deployed in a specified network.
List Network Traffic Events
Retrieves experimental data showing network traffic events for analysis.
List Networks
Provides a list of every virtual network configured in the system.
List Peers
Lists all registered and active peers connected to the mesh network.
List Policies
Retrieves a list of every defined access policy rule set.
List Posture Checks
Lists all currently active security posture checks on the network.
List Proxy Events
Retrieves logs detailing access attempts through the reverse proxy layer.
List Routes
Lists outdated network route entries.
List Setup Keys
Shows a list of all setup keys currently active in the system.
List User Invites
Retrieves a queue of pending user invitation links awaiting action.
List User Tokens
Lists all personal access tokens associated with a specific user account.
List Users
Retrieves the full list of every registered user in the system.
Regenerate User Invite
Creates a fresh, new invite link for an existing user account.
Reject User
Marks a pending user invitation as rejected without sending the notification.
Resend User Invite
Resends an existing, previously generated user invitation link to the intended...
Respond Msp Tenant Invite
Accepts or declines a formal Managed Service Provider (MSP) tenant invitation.
Unlink Msp Tenant
Separates an MSP tenant account from its current owner to assign it to someone else.
Update Account
Modifies global account settings, such as changing peer login expiration dates or...
Update Dns Settings
Adjusts the system's DNS parameters, for example, enabling or disabling management...
Update Group
Modifies a group by changing its name, adding peers, or assigning new resources to...
Update Msp Tenant Subscription
Creates or updates the subscription details for an existing MSP tenant.
Update Msp Tenant
Changes the name of a tenant or modifies its associated access groups.
Update Nameserver
Updates the configuration details for an existing nameserver group.
Update Network Resource
Modifies a specific network resource, such as changing its IP range or domain name.
Update Network Router
Updates the operational status or configuration of an existing router device.
Update Network
Changes the descriptive name and details of a virtual network environment.
Update Peer
Modifies peer information, such as changing its SSH status or internal IP address.
Update Policy
Changes the rules governing an existing access policy rule set.
Update Posture Check
Modifies the criteria used in a security posture check, like requiring a specific OS version.
Update Route
Updates outdated network route information.
Update Setup Key
Modifies an existing setup key, allowing you to revoke it or change its associated...
Update User
Updates a user's role, assigned resource groups, or block status without deleting...
Verify Msp Tenant Dns
Validates that the domain name DNS challenge for an MSP tenant is correctly...
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The NetBird integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on each call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with NetBird, then connect any of our 5,200+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,200+ others, all in one place
- Add new capabilities to your AI anytime you want
- Connections are secured and governed automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog weekly
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by NetBird. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS CLOUD
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on each call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
The Pain of Dashboard Hopscotch
Today, updating your network setup feels like playing a game of digital hopscotch. You have to jump between the User Management dashboard, then click over to the Policies tab, and finally go back to the Network Resources section just to ensure everything connects correctly. Every single change means logging in, clicking through menus, manually confirming details, and copying/pasting IDs.
With this MCP, all of that manual hopping disappears. Your AI client handles the entire workflow when you talk to it. You state your goal—like 'Add a new subnet and allow traffic from Group A'—and the agent executes multiple steps in sequence, giving you only the final confirmation.
NetBird MCP: Full Network Control
You no longer have to manually run commands or click through five different tabs just to onboard a new user. The agent handles generating the necessary invite link using create_user_invite, managing their status with approve_user, and updating their roles instantly via update_user.
It's simple: your conversation becomes your command line. You manage every aspect of your Zero Trust network from one place.
What NetBird MCP does for your AI
You don't have to navigate multiple dashboards just to onboard one user or update a single policy. Connect your NetBird account through Vinkius to give your AI client direct administrative access to your entire private network. Your agent acts like an experienced net admin, handling complex workflows via natural language prompts.
Need to add a new subnet? You can ask for it and get the resource created instantly. Want to adjust who can talk to whom? Simply tell your agent which policies need updating. If you're managing user lifecycle—like creating service accounts or revoking access—it handles all the necessary steps, from generating invite links to changing passwords.
This setup means that whether you’re working in an IDE, a terminal, or through any other AI client, you maintain full control over your network perimeter without leaving your workflow.
019e38c6-fd4c-727d-829e-2218d7b7b685 
How to set up NetBird MCP
The bottom line is that your AI client treats your network infrastructure like a backend API, letting you manage everything through conversation.
First, subscribe to this MCP and enter your NetBird API Token.
Second, send a natural language request to your AI client, specifying the action you need (e.g., 'List all users who haven't logged in').
Finally, your agent executes the necessary tool calls, retrieves the data, and presents it back to you for review or confirmation.
Who uses NetBird MCP
This MCP is built for system administrators and engineers who deal with complex, constantly changing network environments. It targets the pain of context switching: having to jump from their terminal to a web dashboard just to perform routine access control tasks.
They use this MCP to automate infrastructure changes, such as creating new networks or updating policies, directly within their primary coding environment.
They rely on it for user lifecycle management. Instead of clicking through multiple tabs, they ask the agent to generate invites and manage access approvals in one go.
The analyst uses this MCP to audit current network state by listing all active peers or checking logs for suspicious activity immediately.
Benefits of connecting NetBird MCP
Stop logging into dashboards. Instead of navigating multiple UI sections to update a user's role or block status, you simply ask your agent to use the update_user tool and get it done instantly.
Audit trail control: You no longer have to manually compile audit reports from different tabs. Simply ask your agent to list_audit_events and get a comprehensive log of every activity that happened.
Efficient user onboarding: Instead of creating an account, then sending a link, you can use create_user_invite followed by resend_user_invite to manage the entire process without leaving your chat window.
Network resilience: If a peer's IP changes or their SSH status needs updating, calling update_peer ensures that configuration is consistent across all records. It keeps your network running smoothly.
Security hardening: You can enforce strict security protocols by using create_policy to define precise access rules between sources and destinations, going far beyond simple firewall rules.
NetBird MCP use cases
Offboarding a former employee
The Security Analyst needs to cut off all access for an ex-employee immediately. They prompt the agent: 'Disable user Bob and delete his credentials.' The agent executes delete_user, updates their profile using update_user (to ensure group removal), and finally deletes any associated tokens via delete_user_token.
Adding a new service subnet
The DevOps Engineer needs to connect a newly provisioned server rack. They ask the agent to 'Add the 10.2.3.0/24 subnet and create a network resource.' The agent uses create_network_resource, then updates the relevant policy using update_policy so traffic is allowed.
Handling pending user access requests
The IT Administrator receives an invite for a contractor. Instead of logging into the admin panel, they tell the agent to 'Approve the request from Jane Doe.' The agent runs approve_user and confirms the status change.
Reviewing network connectivity issues
The Security Analyst suspects a rogue connection. They ask the agent to list all connected peers, running list_peers to identify the suspicious MAC address, then use get_peer to check its last reported IP and location.
NetBird MCP tradeoffs
What to watch out for, and the recommended way to handle each one.
Manual manual provisioning
The user logs into the dashboard, manually navigates to 'Users,' creates a new account for Jane, then copies an invite link, sends it via email, and finally checks the status page later.
Instead, ask your agent to run create_user_invite. Then, if they need to resend it, just call resend_user_invite. The entire process stays within your chat window.
Forgetting necessary cleanup steps
The user deletes a network resource using delete_network_resource but forgets to update the associated security policy rules.
Always verify policies first. Use get_policy to check current rules, and then use update_policy before calling delete_network_resource. This ensures no access is accidentally broken.
Guessing user roles
The user tries to change a group's membership directly via chat without knowing if the user account needs an explicit role update first.
Always check the current state. Run get_user before attempting updates, and use update_user to guarantee both the group assignment and the core user profile are updated correctly.
When to use NetBird MCP
Use this MCP if your job involves managing complex network infrastructure where identity, resources, and policies interact constantly. You need automated workflows for things like onboarding users (create_user), adjusting access rules (update_policy), or provisioning new hardware (create_network_resource). This is a pure network operations tool.
Don't use it if you just need to list static data that doesn't require action, such as simply viewing country codes. For basic lookup tasks, an API catalog might be better. Also, don't use this for non-network related administrative tasks like managing billing or user payroll; stick to access control and topology management.
Frequently asked questions about NetBird MCP
How do I change a user’s role using NetBird MCP? +
You update the user's profile directly by calling update_user. This function allows you to manage their assigned roles, auto-groups, or block status without deleting their account.
What if I need to create a whole new isolated network? +
You start by using the create_network tool. Once the container is established, you can then add resources and routers inside it using tools like create_network_resource or create_network_router.
Can I see who has accessed my network recently? (list_audit_events) +
Yes. Use list_audit_events to retrieve a full, chronological list of every system activity that occurred across your NetBird account, showing the initiator and target.
How do I revoke someone's access credentials? +
To completely remove credentials, you can use delete_user or delete_user_token. If you just need to stop them from logging in, update_user lets you change their block status.
What is the difference between create_user and create_user_invite? +
create_user establishes an account (often for a service user), while create_user_invite generates a single, temporary link used to onboard a human user.