A comprehensive Model Context Protocol (MCP) server for Kimai time-tracking integration. Provides tools for timesheet management, project tracking, team collaboration, and reporting with smart user selection and Claude Desktop integration.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"kimai": {
"url": "http://your-server:8000/sse",
"headers": {
"Authorization": "Bearer MCP-SERVER-TOKEN",
"X-Kimai-Token": "YOUR-PERSONAL-KIMAI-TOKEN"
}
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A comprehensive Model Context Protocol (MCP) server for integrating with the Kimai time-tracking API. This server allows AI assistants like Claude to efficiently interact with Kimai instances to manage time tracking, projects, activities, customers, users, teams, absences, and more.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'kimai-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked kimai-mcp against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in productivity / analytics
Dynamic problem-solving through sequential thought chains
mini cli search engine for your docs, knowledge bases, meeting notes, whatever. Tracking current sota approaches while being all local
Persistent memory using a knowledge graph
MCP server for monday.com integration.
MCP Security Weekly
Get CVE alerts and security updates for Kimai_mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
A comprehensive Model Context Protocol (MCP) server for integrating with the Kimai time-tracking API. This server allows AI assistants like Claude to efficiently interact with Kimai instances to manage time tracking, projects, activities, customers, users, teams, absences, and more.
# Install from PyPI
pip install kimai-mcp
# Run with your Kimai credentials
kimai-mcp --kimai-url=https://your-kimai.com --kimai-token=your-token
# Or use the interactive setup wizard
kimai-mcp --setup
For enterprise/team environments: Deploy the server once and let all users connect remotely!
| Server | Command | Best For |
|---|---|---|
| Local | kimai-mcp | Claude Desktop, single user, development |
| Streamable HTTP | kimai-mcp-streamable | Claude.ai Connectors (web/mobile), teams |
| SSE Server | kimai-mcp-server | Deprecated — do not use (see below) |
Deprecation notice: The SSE server (
kimai-mcp-server) is deprecated and not functional (the SSE transport was removed from the MCP specification). It prints a startup warning. Use the Streamable HTTP server (kimai-mcp-streamable) instead.
Since v2.12.0 the Streamable HTTP server includes an OAuth 2.1 authorization server. Users authenticate with a user slug and a per-user auth_secret instead of a secret URL.
# 1. Generate a random slug and an auth_secret per user
python -c "import secrets; print(secrets.token_urlsafe(16))" # slug
python -c "import secrets; print(secrets.token_urlsafe(32))" # auth_secret
# 2. Create config file
mkdir config
cat > config/users.json << 'EOF'
{
"xK9mP2qW7vL4aB8c": {
"kimai_url": "https://your-kimai.com",
"kimai_token": "your-api-token",
"auth_secret": "long-random-oauth-login-secret"
}
}
EOF
# 3. Start server
docker-compose up -d
Security Warning: Use random slugs, NOT usernames! The server warns at startup about low-entropy slugs (shorter than 16 characters or plain lowercase words). Slugs may only contain letters, digits,
-and_.
The Streamable HTTP server works with Claude.ai custom connectors:
auth_secret for each user in users.json (see above)kimai-mcp-streamable \
--users-config ./config/users.json \
--public-url https://mcp.example.com \
--trusted-proxy 127.0.0.1 \
--oauth-state-file ./config/oauth_clients.json \
--disable-legacy-slugs
https://mcp.example.com/mcp (no slug in the URL)auth_secret.Access tokens are valid for 1 hour and refreshed automatically (refresh tokens up to 30 days). Tokens are kept in memory, so users must reconnect after a server restart.
Legacy endpoints: The previous per-user URLs /mcp/{slug} still work but are deprecated. Migrate to the OAuth endpoint /mcp and start the server with --disable-legacy-slugs.
Instead of the built-in slug + auth_secret form, the Streamable HTTP server can delegate user authentication to any standard OpenID Connect provider (Microsoft Ent