Authentication
Authenticate requests to the MCP Platform API using an admin API key for management endpoints, or an MCP API key for gateway tool execution.
Management API authentication
Management endpoints (servers, tools, access control, API keys) require an admin API key.
Bearer token. Format: Bearer YOUR_ADMIN_KEY.
Alternative to the header for server-to-server or tooling scenarios. Do not expose in client-side code.
Gateway authentication
The MCP gateway JSON-RPC endpoint accepts MCP API keys created via the management API.
MCP API key as bearer token. Format: Bearer YOUR_MCP_API_KEY.
Never expose admin keys or MCP API keys in client-side JavaScript, public repositories, or logs. MCP API keys should only be used server-side.
MCP API keys support scoped permissions (tools:execute, tools:read, servers:read). Create keys with the minimum required scopes for your use case.
Last updated today