Authentication

Static credentials

The simplest pattern: one API key, applied to every tool call.

When to use

  • Internal MCP servers used by your own team
  • Public-data APIs where the key only rate-limits, not authorizes
  • Demos and prototypes

Setup

In your project, open Secrets and add a value like API_KEY. Reference it in any tool's headers or query string with {{API_KEY}}.

Rotation

Update the secret value — every subsequent tool call uses the new key. No redeploy.