At Adobe Summit 2026, Adobe officially featured the Marketo MCP server as part of its broader agentic AI vision for the platform. Teams are paying attention, and many are planning to set it up. There’s just one thing worth knowing before you start: as of the time of writing, the server is still in closed beta, access requires your Marketo instance to be allowlisted by Adobe, and the setup process has a few gaps between what the documentation says and what you actually encounter in practice.
We worked through the setup process during the beta, and this post shares what we found — including a security detail in the default configuration that is easy to miss, and some practical notes to complement Adobe’s setup guide. Adobe’s own documentation includes a disclaimer noting that MCP “may present security or reliability risks” and that the integration is provided “as is.” That’s honest context, and it’s worth keeping in mind as you plan your rollout.
Whether you’re a Marketo admin planning the technical setup, or a marketing leader trying to understand what your team is about to connect to your instance, this post covers both the why and the how.
First, What Exactly Is the Marketo MCP Server?
If you’re not familiar with the term “MCP”, you’re not alone. Let’s start from the beginning.
The short version
MCP stands for Model Context Protocol. It’s an open standard — originally developed by Anthropic, the AI company behind Claude, and now adopted across the AI industry by companies including OpenAI, Google DeepMind, and Microsoft — that gives AI tools a standardised way to connect to external services.
Think of it like a universal plug. Before MCP, every AI tool needed a custom-built connection to every platform it wanted to work with. MCP creates a single standard that any compliant AI tool can use to talk to any compliant platform. Adobe has built a Marketo MCP server, which means any AI tool that supports MCP can now communicate directly with your Marketo instance.
What it means in practice
Instead of logging into Marketo, clicking through menus, and performing actions manually — or writing API code to automate them — you can give an AI assistant plain-language instructions like:
“Show me all active smart campaigns in the demand generation workspace” “Clone this webinar programme into the Q3 Events folder” “What forms are currently embedded on our product pages?” “Create a bulk export of leads created in the last 30 days” “Show me the flow steps in the Welcome Email campaign” |
The server handles over 100 operations across programmes, smart campaigns, leads, forms, emails, snippets, lists, and folders. The AI handles the underlying API calls on your behalf — you interact in plain English, not code.
Current access status (April 2026): The Marketo MCP server is in closed beta and is not available to all users. To connect, your Marketo instance’s Munchkin ID must be added to Adobe’s server-side allowlist. Without this, you will receive a 403 Forbidden error regardless of how correctly your setup is configured. Contact Adobe or your account team to request access. |
Why this is a big deal for marketing ops
Marketo’s REST API has always been powerful, but using it properly has required either developer support or a deeply technical marketing ops practitioner. Most marketing teams have had to choose between what they could do in the UI and what they could afford to have built.
MCP changes that equation. It means a skilled Marketo user who understands the platform’s data model — but who isn’t a developer — can instruct an AI to carry out complex, multi-step operations in plain English. That opens up a new class of use cases: rapid campaign auditing across large instances, bulk programme restructuring, systematic smart list analysis, and lead data operations that previously required custom extracts or developer involvement.
This is why teams are moving quickly to set it up. And it’s also why getting the setup right matters.
Setup Notes From the Field
Adobe’s official setup guide is a solid starting point. As we worked through the beta configuration, we picked up a few practical notes that complement the documentation and are worth knowing in advance. We’re sharing them here so your setup goes more smoothly than it might otherwise.
Finding 1: Some AI tools may need an alternative configuration format
Adobe’s documentation shows a configuration structure that uses “type”: “http” to connect an AI tool to the MCP server:
| “marketo”: { “type”: “http”, “url”: “https://marketo-mcp.adobe.io/mcp”, “headers”: { … } } |
Depending on which AI tool and version you’re using, this format may not be recognised. MCP client support is evolving quickly across different applications, and not every tool handles the HTTP transport type identically. If you see an error indicating the entry is not a valid MCP server configuration, an alternative approach that worked reliably in our testing is to use mcp-remote as a local bridge (covered below).
Finding 2: Node.js is required for the mcp-remote approach
If your AI tool doesn’t support the HTTP transport format directly, mcp-remote is a widely-used open-source package that acts as a local bridge — it accepts the connection from your AI tool and forwards it to the remote MCP server. It’s run via npx, which is part of Node.js.
Node.js is a developer tool that many marketing ops practitioners may not have installed. If you’re not sure, open Terminal (Mac) or PowerShell (Windows) and run:
npx –version
If you get a version number back, you’re set. If you get “command not found”, you’ll need to install Node.js from nodejs.org — download the LTS version and run the installer. Once installed, close and reopen your terminal and try the version check again.
The mcp-remote configuration
With Node.js installed, here is the configuration structure that worked reliably in our testing. The mcp-remote package is called as a command, passing your credentials as headers:
| “marketo”: { “command”: “npx”, “args”: [ “mcp-remote”, “https://marketo-mcp.adobe.io/mcp”, “–header”, “X-Marketo-Client-Id:${MARKETO_CLIENT_ID}”, “–header”, “X-Marketo-Client-Secret:${MARKETO_CLIENT_SECRET}”, “–header”, “X-Marketo-Munchkin-Id:${MARKETO_MUNCHKIN_ID}”, “–header”, “X-Marketo-Endpoint:${MARKETO_ENDPOINT}” ], “env”: { “MARKETO_CLIENT_ID”: “${MARKETO_CLIENT_ID}”, “MARKETO_CLIENT_SECRET”: “${MARKETO_CLIENT_SECRET}”, “MARKETO_MUNCHKIN_ID”: “${MARKETO_MUNCHKIN_ID}”, “MARKETO_ENDPOINT”: “${MARKETO_ENDPOINT}” } } |
Note that the credentials above are already using environment variable references (the ${VARIABLE_NAME} format), which is exactly what the security section of this post recommends. We’ll cover how to set those up shortly.
Finding 3: Allowlist access is required during closed beta
Because the server is in closed beta, Adobe maintains a server-side allowlist of approved Marketo instances. Before your connection can succeed, your Munchkin ID needs to be registered with Adobe. If your instance hasn’t yet been added, you’ll receive a 403 Forbidden error from Adobe’s server that looks like this:
Connection error: StreamableHTTPError: Error POSTing to endpoint: {“detail”:”Forbidden”} code: 403 |
This is expected behaviour for a closed beta — it’s how Adobe controls who has access during this phase. To get your instance added, contact Adobe or your account team and request that your Munchkin ID be added to the allowlist for the Marketo MCP server.
If you see a 403 error during setup:\ This is a closed beta access request, not a credentials issue. Your configuration is likely correct. The next step is to contact Adobe to request allowlist access for your Munchkin ID. |
The Security Detail That’s Easy to Miss
How the connection is set up
To connect an AI tool to the Marketo MCP server, you configure a file on your machine that tells the AI tool how to reach Marketo and how to authenticate. As documented by Adobe, the setup requires four values from your Marketo instance:
- Client ID
- Client Secret
- Munchkin Account ID
- REST API Endpoint
The default setup has you pasting these values directly into the configuration file. That looks something like this:
| “X-Marketo-Client-Id”: “a1b2c3d4-0000-0000-0000-example00001”, “X-Marketo-Client-Secret”: “ExAmPl3S3cr3t-NotReal-ReplaceThis00” |
Why this creates a risk
That configuration file is plain text. And plain-text files containing credentials have a well-documented habit of ending up places they shouldn’t.
During a troubleshooting session while working with the beta, these credentials surfaced in full inside a shared log file — exactly the kind of output that routinely gets passed to colleagues, support teams, or community forums like Marketo Nation. In other scenarios, it’s a GitHub commit where someone accidentally included their config files, a Slack message with a screenshot, or a backup that lands in shared cloud storage.
Here’s why this matters more than a typical password exposure:
Your Marketo Client ID and Client Secret are not a login to a single account. Together, they are the credential pair used to generate API access tokens for your Marketo instance. Anyone who obtains both can authenticate against your Marketo API and operate with whatever permissions the associated API user has been set up with — which for an MCP integration managing programmes, leads, forms, and emails, is typically broad. There is no separate login prompt. No two-factor authentication. Just the credentials, and access. |
Five reasons this risk is higher than it looks
You might be thinking: “I’ll just be careful about where I share things.” That’s the right instinct, but here’s why it’s not enough on its own:
1. Logs are built to be shared
When something breaks, sharing the log is the standard first step. If your credentials are embedded in a plain-text config that feeds into those logs, they become part of your debugging outputs by default. This isn’t a rare edge case — it’s the normal flow of technical troubleshooting.
2. Config files travel
Configuration files get copied between machines, saved to cloud drives, included in setup scripts, and sometimes committed to code repositories. A file called “mcp-config.json” looks like a technical settings file. It doesn’t trigger the instinctive caution that a file called “passwords.txt” would.
3. This is new territory without established norms
The security practices around CRM integrations, marketing automation APIs, and SaaS connectors are well established — because those patterns have existed for years and teams have learned (sometimes the hard way) what to watch out for. AI tool configurations are new. Most teams setting this up right now are doing it for the first time, following documentation, and not necessarily thinking about where the security gaps are.
4. Rotation is a pain if credentials are scattered
If your credentials are hardcoded into multiple config files, scripts, or tools, rotating them after any potential exposure means tracking down every single reference and updating it manually. Miss one, and you have an exposure you don’t know about. There’s a better approach.
5. The stakes are high
Your Marketo instance likely holds your full lead database, active revenue-generating campaigns, compliance-relevant data, and personalisation assets. A compromised API key isn’t an inconvenience — it’s a genuine risk to pipeline, data integrity, and depending on your region, regulatory compliance.
The Fix: Environment Variables (And Why They Work)
What an environment variable is
If you’re not technical, here’s a plain-English explanation: an environment variable is a named value stored securely on your computer at the operating system level. Instead of putting your actual credential inside a config file, you store the value once on your machine and then reference it by name in your config.
The config file itself never contains the real credential. It just contains the variable’s name, like a placeholder. When your AI tool launches, it looks up the real value from the operating system automatically.
Here’s the practical difference. With plain-text credentials, your log file shows:
| X-Marketo-Client-Secret: ExAmPl3S3cr3t-NotReal-ReplaceThis00 |
With environment variables, your log file shows:
| X-Marketo-Client-Secret: ${MARKETO_CLIENT_SECRET} |
The variable name appears. The actual value never does. You can share that log with anyone.
Setting it up on macOS
You’ll need to use the Terminal application (found in Applications → Utilities). Don’t be put off if you don’t use it often — these are simple copy-and-paste commands.
Step 1 — Store your credentials as environment variables
Open Terminal and run the following four commands, replacing the example values with your real Marketo credentials. (Find these in Marketo under Admin → LaunchPoint for your Client ID and Secret, and Admin → Web Services for your REST endpoint.)
echo ‘export MARKETO_CLIENT_ID=”a1b2c3d4-0000-0000-0000-example00001″‘ >> ~/.zshrc echo ‘export MARKETO_CLIENT_SECRET=”ExAmPl3S3cr3t-NotReal-ReplaceThis00″‘ >> ~/.zshrc echo ‘export MARKETO_MUNCHKIN_ID=”000-EXM-000″‘ >> ~/.zshrc echo ‘export MARKETO_ENDPOINT=”https://000-EXM-000.mktorest.com/rest”‘ >> ~/.zshrc |
Step 2 — Reload your shell
This applies the changes to your current Terminal session:
source ~/.zshrc
Step 3 — Make variables available to desktop apps
Most AI desktop applications don’t read your shell profile automatically on launch. Run these additional commands to make the variables available to any GUI application on your Mac:
launchctl setenv MARKETO_CLIENT_ID “a1b2c3d4-0000-0000-0000-example00001” launchctl setenv MARKETO_CLIENT_SECRET “ExAmPl3S3cr3t-NotReal-ReplaceThis00” launchctl setenv MARKETO_MUNCHKIN_ID “000-EXM-000” launchctl setenv MARKETO_ENDPOINT “https://000-EXM-000.mktorest.com/rest” |
| Note: launchctl variables reset when you restart your Mac. For a permanent setup that survives reboots, you can create a launchd plist file in ~/Library/LaunchAgents/. Get in touch with us if you’d like the template — we’re happy to share it. |
Setting it up on Windows
On Windows, environment variables are managed through PowerShell or through a built-in GUI. Both options are straightforward.
Option A — Using PowerShell (recommended)
Open PowerShell (search for it in the Start menu) and run these four commands, replacing the example values with your real credentials:
[System.Environment]::SetEnvironmentVariable(“MARKETO_CLIENT_ID”, “a1b2c3d4-0000-0000-0000-example00001”, “User”) [System.Environment]::SetEnvironmentVariable(“MARKETO_CLIENT_SECRET”, “ExAmPl3S3cr3t-NotReal-ReplaceThis00”, “User”) [System.Environment]::SetEnvironmentVariable(“MARKETO_MUNCHKIN_ID”, “000-EXM-000”, “User”) [System.Environment]::SetEnvironmentVariable(“MARKETO_ENDPOINT”, “https://000-EXM-000.mktorest.com/rest”, “User”) |
The “User” scope means these variables are saved permanently for your Windows account and will persist across reboots.
Option B — Using the Windows GUI
If you prefer not to use PowerShell: search for “Edit the system environment variables” in your Start menu. Click “Environment Variables…”, then under the “User variables” section, click “New” and add each of the four variables with their values. Click OK to save.
Updating your config file
With your environment variables in place, open your AI tool’s MCP configuration file and update the Marketo credential entries to reference the variable names rather than the actual values:
“X-Marketo-Client-Id”: “${MARKETO_CLIENT_ID}”, “X-Marketo-Client-Secret”: “${MARKETO_CLIENT_SECRET}”, “X-Marketo-Munchkin-Id”: “${MARKETO_MUNCHKIN_ID}”, “X-Marketo-Endpoint”: “${MARKETO_ENDPOINT}” |
Restart your AI tool, and your configuration file now contains no sensitive data. You can share it, back it up, or hand it to a colleague without any risk.
Quick setup checklist
Before you connect your instance to anything, run through this:
- Node.js installed and npx –version returns a version number
- mcp-remote configuration format in use if your AI tool does not support the HTTP transport type natively
- Munchkin ID allowlist request submitted to Adobe for closed beta access
- Four environment variables defined and verified (MARKETO_CLIENT_ID, MARKETO_CLIENT_SECRET, MARKETO_MUNCHKIN_ID, MARKETO_ENDPOINT)
- On macOS: launchctl commands run so desktop applications can read the variables
- Config file updated to use ${VARIABLE_NAME} references — no plain-text credentials remaining
- AI tool restarted after all changes
- A dedicated API user created in Marketo with only the permissions your MCP integration actually needs
- Client Secret rotated in Marketo Admin → LaunchPoint if credentials were ever shared in plain text
A Note for Marketing Leaders
If you manage a team that’s setting this up, the above is worth knowing at a high level — not because you need to run the commands yourself, but because it’s the kind of thing that rarely gets flagged in a project update unless someone’s specifically looking for it.
AI integrations into marketing platforms are becoming standard infrastructure. Adobe’s Marketo MCP server is part of a broader shift where HubSpot, Salesforce, and other major platforms are all building official MCP implementations. The category is moving fast, and your teams will be setting these up throughout 2026.
The security principles involved are not new or complicated. Use a dedicated API user with only the permissions the integration needs. Store credentials as environment variables, not in config files. Rotate secrets if there’s any chance of exposure. Review what any AI tool can access with the same scrutiny you’d apply to a third-party connector.
These aren’t AI-specific practices. They’re just good ones. And they’re worth building into your team’s setup process now, before AI-to-Marketo connections become routine.
Working with Marketo and AI? We’d Love to Help.
At Marketing Automation Corp, we work with marketing operations teams every day on Marketo architecture, AI integrations, and the practical challenge of keeping your instance secure and well-governed as the technology evolves.
If you’re setting up the Marketo MCP server, planning an AI integration, or simply want a second set of eyes on how your instance is configured — we’re happy to talk. No hard sell. Just a straightforward conversation about what you’re trying to do and whether we can help.
Get in touch → [email protected] Or visit marketingautomationcorp.com to learn more about what we do. |
