Blog

Introducing OAuth Apps and MCP for DoubleTime

June 14, 2026 · 6 min read time

TL;DR: DoubleTime now supports OAuth apps and an MCP server, so trusted tools can connect to your account with clear approval, scoped permissions, and the ability to revoke access later.

Work does not happen in one place anymore.

You might plan in one tool, track time in another, send invoices from DoubleTime, check reports at the end of the week, and ask an AI assistant to help make sense of the admin sitting between all of it.

That is useful, but it also raises an important question: how do you let helpful tools work with your billing data without handing over more access than they need?

The answer is not "just copy a token somewhere and hope for the best".

That is why DoubleTime now supports OAuth apps and MCP access.

OAuth and MCP are technical foundations, but the goal is practical: make it easier for trusted apps, automations, and AI clients to help with real work while keeping permissions clear, reviewable, and limited.

OAuth gives apps a cleaner way to ask for access

OAuth is the approval flow many people already know from connecting one app to another.

Instead of creating a broad token and pasting it into a tool, an app can ask DoubleTime for permission. DoubleTime shows an approval screen, explains what the app wants to do, and records the permissions you allow.

For DoubleTime, that means external apps can request access to specific areas such as profile details, tasks, time entries, clients, projects, tags, rules, invoices, reports, billing, or settings.

It also means the access is easier to understand later. Connected apps appear in DoubleTime so you can review what you have approved and revoke access when you no longer need it.

For developers and private workflows, OAuth also gives custom apps a more standard foundation. DoubleTime supports public clients using PKCE, confidential clients with a client secret, scoped permissions, and separate access targets for the REST API and MCP server.

In plain English: integrations can be more focused, more explicit, and easier to control.

MCP brings DoubleTime into your AI tools

MCP, short for Model Context Protocol, is a way for AI clients and developer tools to connect to services like DoubleTime through a structured set of tools.

With DoubleTime's MCP server, supported clients can request approved access and then use DoubleTime tools through that connection. That could be an AI assistant in a coding tool, a command-line client, or another MCP-compatible app.

This is not about replacing DoubleTime's interface. It is about making the work around DoubleTime less manual.

For example, an approved MCP client can help with things like:

  • finding billable task candidates for an invoice

  • listing tasks, time entries, clients, projects, tags, and rules

  • creating or updating tasks and time entries

  • preparing invoice drafts from tracked work

  • previewing or sending invoices when the right permissions are approved

  • recording invoice payments

  • running reports and checking Billing Hub summaries

That opens the door to more natural workflows. You can ask a tool to gather the right billing context, check what is ready to invoice, or summarise work without manually jumping through every screen yourself.

The important part is control

The exciting part is not just that DoubleTime can connect to more tools.

The important part is that those tools can be limited.

MCP requires its own approval. A client that only needs to read tasks should not automatically get invoice sending permissions. A tool that needs to draft invoices should not automatically get settings permissions. Write permissions require the matching read permissions, and sensitive actions such as sending invoices should be treated as deliberate user actions.

That matters because billing data is not casual data. It includes clients, rates, invoices, payment records, and the work behind your income.

When a connected tool asks for access, you should be able to understand what it wants and say no if it asks for too much.

DoubleTime's new OAuth and MCP support is built around that idea. Approve what makes sense. Keep the rest closed. Revoke access later if the workflow changes.

What this means for everyday work

For freelancers, contractors, consultants, and small teams, the benefit is not abstract.

That shows up in a few practical ways:

  • Invoice prep gets lighter. Instead of manually checking the month's work, an approved tool can find billable work for a client and prepare a draft invoice for review.

  • Private scripts can stay narrow. Rather than giving a script broad access to everything, you can grant only the areas it needs, such as clients, projects, and time entries.

  • AI help becomes practical. Instead of an AI tool only talking about your work in theory, it can use the DoubleTime tools you approved, within the boundaries you approved.

That is a much better foundation for the next stage of client-work automation.

What this could look like

Here are a few workflows this makes easier:

  • Ask an AI client to review Billing Hub and explain what is ready to invoice.

  • Have a private app create a client and project after a new engagement starts.

  • Let an approved tool find invoice import candidates for a specific client and date range.

  • Run a report before a weekly client update.

  • Record a payment after an invoice has been paid.

  • Revoke a connected app when you stop using it.

None of those should require handing every tool permanent, unlimited access to your account.

Where to get started

If you are using DoubleTime and want to connect an MCP-compatible AI tool, open Integrations in your account and look for the DoubleTime MCP server setup.

You can also read the public setup guides:

If you are building a private integration, start with OAuth Apps & Permissions. If you want an AI client to work with DoubleTime directly, start with the MCP guide.

Either way, the principle is the same: connect trusted tools, approve only the permissions they need, and keep control in your DoubleTime account.

Final thoughts

Time tracking and invoicing are already detailed enough. The workflows around them should not have to be manual as well.

OAuth and MCP give DoubleTime a better way to fit into the tools people are already using. They also do it with clearer approval, narrower permissions, and a simple way to revoke connections later.

That combination matters.

Useful automation is great. Useful automation with clear boundaries is better.