Authentication
Static credentials
The simplest pattern: one API key, applied to every tool call.
When to use
- Internal MCP servers used by your own team
- Public-data APIs where the key only rate-limits, not authorizes
- Demos and prototypes
Setup
In your project, open Secrets and add a value like API_KEY. Reference it in any tool's headers or query string with {{API_KEY}}.
Rotation
Update the secret value — every subsequent tool call uses the new key. No redeploy.