Authentication

Authentication ensures that only authorized AI agents can access your tools. MCP Registry supports several authentication methods.

Authentication Methods

API Key Authentication

The simplest method. Include an API key in request headers.

Authorization: ApiKey your-api-key-here

When to use: Internal tools, simple integrations, development environments.

Bearer Token (OAuth2)

Use OAuth2 bearer tokens for more secure authentication.

Authorization: Bearer your-access-token

When to use: Production environments, user-specific data access, third-party integrations.

No Authentication

Use this for public APIs that don’t require authentication. Use with caution.

When to use: Public data endpoints, demo servers, read-only public information.

Setting Up Authentication

In the Dashboard

  1. Navigate to your server settings
  2. Click Authentication
  3. Select your authentication method
  4. Configure the required credentials
  5. Save changes

Environment Variables

Store sensitive credentials as environment variables:

  • MCP_API_KEY: Your API key
  • MCP_CLIENT_ID: OAuth2 client ID
  • MCP_CLIENT_SECRET: OAuth2 client secret
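
The following is an added example, not MCP Registry code: a sketch of how a tool server might check the incoming Authorization header against the key held in MCP_API_KEY. The function names and the AuthError class are hypothetical, and it assumes the header reaches your server in the forms shown above.

```python
import hmac
import os


class AuthError(Exception):
    """Authorization header missing, malformed, or not acceptable."""


def parse_authorization(header):
    """Split 'Scheme credential' into (scheme, credential)."""
    parts = (header or "").strip().split()
    if len(parts) != 2:
        raise AuthError("missing or malformed Authorization header")
    scheme, credential = parts
    # HTTP auth scheme names are case-insensitive; normalise before matching.
    scheme = scheme.lower()
    if scheme not in ("apikey", "bearer"):
        raise AuthError("unsupported scheme")
    return scheme, credential


def check_api_key(header, environ=os.environ):
    """Return True only if the header carries the key held in MCP_API_KEY."""
    expected = environ.get("MCP_API_KEY", "")
    if not expected:
        # Fail closed: an unset or empty key must never authenticate anyone.
        raise AuthError("MCP_API_KEY is not configured")
    scheme, presented = parse_authorization(header)
    if scheme != "apikey":
        raise AuthError("expected the ApiKey scheme")
    # Constant-time comparison so timing does not reveal matching prefixes.
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    env = {"MCP_API_KEY": "constructed-sample-key"}
    print(check_api_key("ApiKey constructed-sample-key", env))  # True
    print(check_api_key("ApiKey wrong-key", env))               # False
```

A Bearer token passes parsing but is rejected by check_api_key; validating it belongs to your OAuth2 token verification, which this sketch does not cover.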

User-Level Authentication

For tools that access user-specific data, you can configure delegated authentication:

  1. Users authorize your server to act on their behalf
  2. MCP Registry handles token exchange
  3. Your tools receive user-scoped access tokens

This is ideal for:

  • Personal data access (email, calendar, files)
  • User-specific actions (posting, updating profiles)
  • Multi-tenant applications

Security Best Practices

  • Rotate credentials regularly: Update API keys every 90 days
  • Use environment variables: Never hardcode credentials
  • Implement rate limiting: Protect against abuse
  • Log access attempts: Monitor for suspicious activity
  • Use HTTPS only: All API endpoints must use HTTPS