Authentication & Security
Best practices for securing your MCP Server integrations
Learn how to secure your MCP Server integrations and protect sensitive data.
API Key Management
Getting Your API Key
1. Join the waitlist at mcpserver.design
2. Once approved, you'll receive an API key via email
3. Store it securely in environment variables
Using API Keys
# .env file (dotenv files use # for comments; keep this file out of version control)
MCP_API_KEY=mcp_live_abc123xyz789
// In your code
import { MCPClient } from '@mcpserver/sdk';
const client = new MCPClient({
apiKey: process.env.MCP_API_KEY,
});
Authentication Methods
Bearer Token
await client.apis.register({
name: 'my-api',
auth: {
type: 'bearer',
token: process.env.API_TOKEN,
},
});
Basic Auth
await client.apis.register({
name: 'my-api',
auth: {
type: 'basic',
username: process.env.API_USERNAME,
password: process.env.API_PASSWORD,
},
});
OAuth 2.0
await client.apis.register({
name: 'google-api',
auth: {
type: 'oauth2',
clientId: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
refreshToken: process.env.GOOGLE_REFRESH_TOKEN,
},
});
Security Best Practices
1. Environment Variables
Never hardcode sensitive credentials:
// ❌ Bad
const apiKey = 'mcp_live_abc123xyz789';
// ✅ Good
const apiKey = process.env.MCP_API_KEY;
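The rule above is only enforceable if something checks for it before code is committed. The following is an added example, not part of the MCP Server docs or SDK: a small pre-commit style scanner that reports hardcoded keys in source text. The `mcp_live_` prefix is taken from the sample key on this page; the key alphabet and minimum length in the pattern are assumptions, and the sample files are constructed for the demo.

```javascript
// Added example (not MCP Server project code): flag hardcoded MCP API keys.
// The "mcp_live_" prefix comes from this page's sample key; the character
// class and minimum length are assumptions, so the pattern is permissive.
const KEY_PATTERN = /mcp_live_[A-Za-z0-9]{8,}/g;

// Keep the prefix and last four characters so a finding can be matched to the
// key it refers to without the report itself leaking a usable secret.
function maskKey(key) {
  return `${key.slice(0, 9)}...${key.slice(-4)}`;
}

// Returns one finding { file, line, key } per hardcoded key in `source`.
// Lines that read process.env.MCP_API_KEY never contain the prefix, so the
// approved pattern from the docs is not reported.
function scanSource(file, source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    for (const match of text.matchAll(KEY_PATTERN)) {
      findings.push({ file, line: index + 1, key: maskKey(match[0]) });
    }
  });
  return findings;
}

function scanFiles(files) {
  return Object.entries(files).flatMap(([file, source]) => scanSource(file, source));
}

// Constructed sample sources: one bad file (literal key) and one good file.
const SAMPLE_FILES = {
  'src/client.ts': [
    "import { MCPClient } from '@mcpserver/sdk';",
    "const apiKey = 'mcp_live_abc123xyz789'; // hardcoded: should be flagged",
    'const client = new MCPClient({ apiKey });',
  ].join('\n'),
  'src/config.ts': [
    '// reads the key from the environment: not flagged',
    'export const apiKey = process.env.MCP_API_KEY;',
  ].join('\n'),
};

// Stand-alone run: print a compiler-style report of every finding.
for (const f of scanFiles(SAMPLE_FILES)) {
  console.log(`${f.file}:${f.line}: hardcoded MCP API key ${f.key}`);
}
```

Wired into a pre-commit hook, a non-empty result should block the commit; `.env` files themselves belong in `.gitignore` rather than in the scan set.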
2. API Key Rotation
Rotate your API keys regularly:
# Generate a new key
curl -X POST https://api.mcpserver.design/v1/keys/rotate \
-H "Authorization: Bearer $MCP_API_KEY"
3. Rate Limiting
Implement rate limiting to prevent abuse:
const client = new MCPClient({
apiKey: process.env.MCP_API_KEY,
rateLimit: {
maxRequests: 100,
perSeconds: 60,
},
});
4. IP Whitelisting
Restrict access to specific IP addresses:
curl -X POST https://api.mcpserver.design/v1/security/whitelist \
-H "Authorization: Bearer $MCP_API_KEY" \
-d '{"ips": ["203.0.113.0", "198.51.100.0"]}'
5. Audit Logging
Enable audit logging to track API usage:
const client = new MCPClient({
apiKey: process.env.MCP_API_KEY,
logging: {
enabled: true,
level: 'info',
destination: 'cloudwatch',
},
});
Data Encryption
At Rest
All data stored by MCP Server is encrypted at rest using AES-256 encryption.
In Transit
All API communications use TLS 1.3 to encrypt data in transit.
Client-Side Encryption
For extra security, encrypt sensitive data before sending:
import crypto from 'crypto';
// ENCRYPTION_KEY holds a 32-byte key as 64 hex characters. A fresh 96-bit IV is
// generated per message and returned together with the GCM auth tag, since the
// receiver needs both to decrypt and to verify integrity before trusting the result.
function encrypt(text: string, keyHex: string): string {
  const key = Buffer.from(keyHex, 'hex');
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  let encrypted = cipher.update(text, 'utf8', 'hex');
  encrypted += cipher.final('hex');
  const tag = cipher.getAuthTag().toString('hex');
  return `${iv.toString('hex')}:${tag}:${encrypted}`;
}
const encrypted = encrypt(sensitiveData, process.env.ENCRYPTION_KEY!);
Compliance
MCP Server is compliant with:
Incident Response
If you suspect your API key has been compromised:
1. Immediately rotate your API key
2. Review audit logs for suspicious activity
3. Contact support@mcpserver.design
4. Update all systems with the new key