Wrike Model Context Protocol (MCP)

No. Wrike MCP is fully stateless. It acts as a real-time pass-through to the Wrike API. No data is cached, logged, or stored by the MCP layer. All data persistence happens in Wrike's existing infrastructure.

OAuth 2.0 - the same standard Wrike uses for all API integrations. No static API tokens. Users authenticate through Wrike's OAuth flow and tokens are scoped to their individual permissions. Tokens can be revoked at any time.

Yes. All communication uses HTTPS with TLS 1.2+. The remote SSE endpoint is served from wrike.com/app/mcp/sse behind Wrike's existing TLS infrastructure.

No. MCP enforces Wrike's full RBAC model. A user connecting via MCP can only access exactly what they can access in the Wrike web UI. There is no privilege escalation. Admin-restricted content stays restricted.

No. The Wrike AI Addendum covers Wrike's in-app AI features (e.g., Agent Builder, Wrike Copilot Wrike Assist), which use Azure OpenAI. MCP is a data access protocol - no AI models run on Wrike infrastructure. MCP is architecturally equivalent to any other Wrike API integration.

No. Wrike MCP only receives structured API calls (e.g., "get tasks filtered by status=Active"). It has no visibility into the AI conversation, prompts, or reasoning that generated those API calls.

Yes. All actions performed via MCP appear in Wrike's standard activity stream under the authenticated user's account. They are indistinguishable from actions taken through the web UI - same user attribution, same timestamps, same change records.

Yes. Admins can revoke OAuth tokens at any time. When a user is deprovisioned from Wrike, their MCP access is automatically revoked. OAuth tokens can also be managed centrally through a registered OAuth app.

Yes. MCP uses Wrike's standard OAuth 2.0 flow, which respects your SSO configuration. If your organization uses SAML/SSO for Wrike login, the OAuth flow will go through the same identity provider.

MCP uses a cloud-hosted remote SSE server at wrike.com/app/mcp/sse (EU: app-eu.wrike.com/app/mcp/sse). Since it runs on Wrike's existing infrastructure, your existing Wrike firewall rules and IP allowlists apply. No additional network configuration is needed.

OAuth 2.0 tokens are managed through Wrike's standard infrastructure. Admins can revoke tokens at any time. We recommend a 90-day rotation policy for security best practices.

Yes. Read tools execute freely with no risk. Admins can evaluate read-only usage before enabling write tools. This is a recommended approach for pilot deployments.

No delete operations exist in Wrike MCP. Create actions are additive (non-destructive). Update actions are idempotent (safe to retry). All changes are tracked in the audit trail under the user's account.

No. MCP uses Wrike's existing API infrastructure. Your existing Wrike DPA covers MCP data access. You may need a separate DPA with your AI provider (e.g., Anthropic, Microsoft) for AI processing, but that is independent of Wrike.

No. Wrike does not use customer data for AI model training. MCP doesn't involve any Wrike AI models. Whether your AI provider uses data for training depends on your agreement with that provider (e.g., Claude Enterprise does not train on customer data).

MCP does not create new data transfer flows with Wrike. Data accessed via MCP follows the same paths as the Wrike API. EU customers can use the EU endpoint (app-eu.wrike.com/app/mcp/sse). Data transfer to your AI provider is governed by your agreement with that provider.

All of Wrike's certifications apply because MCP runs on Wrike's existing infrastructure: SOC 2 Type II, ISO 27001, GDPR, and CSA STAR. MCP is not a separate product - it's an additional API access layer within Wrike's certified environment.

No. The Wrike AI Addendum is for Wrike's in-app AI features (e.g., Agent Builder, Wrike Copilot ), which use Azure OpenAI within Wrike. MCP involves no AI processing on Wrike's side. It's a data access protocol in the same category as the Wrike REST API.