
---

# 🔐 **Authentication** – *Secure Access to Your MCP Server*

---

## 📌 What It Does

MCP allows you to **secure endpoints** using authentication mechanisms so only trusted clients or users can interact with the server and its tools.

---

## 🚀 Common Use-Cases

| Scenario                | Why Use It                                  |
| ----------------------- | ------------------------------------------- |
| 🌐 Public-facing APIs   | Restrict access to authorized users         |
| 🧪 Internal dev tools   | Prevent misuse of AI toolchains             |
| 🧱 Admin-only endpoints | Enforce role-based access for configuration |

---

## 🧰 Available Auth Methods

| Method            | Description                                        |
| ----------------- | -------------------------------------------------- |
| `basic_auth`      | Simple username-password check (dev/test friendly) |
| `api_key`         | Secure access using a static key                   |
| `custom_callable` | Define your own validation logic                   |

---

## ⚙️ How to Use in MCP

### ✅ Basic Auth Example

```python
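from mcp.server.auth import basic_auth

# Placeholder credentials for dev/test only; in a real deployment load them
# from `.env` or a secret manager instead of hardcoding them.
server = MCPServer(auth=basic_auth("admin", "password123"))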
```

---

### 🔑 API Key Auth Example

```python
from mcp.server.auth import api_key_auth

# Placeholder key; supply the real one from `.env` or a secret manager.
server = MCPServer(auth=api_key_auth("my-secret-key"))
```

---

### 🛠️ Custom Auth Callable

```python
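import hmac

def my_auth(headers):
    # A missing header becomes an empty string so the comparison simply fails.
    token = headers.get("authorization") or ""
    # Constant-time comparison avoids leaking the token through response timing.
    return hmac.compare_digest(token.encode(), b"Bearer mytoken123")

server = MCPServer(auth=my_auth)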
```

---

## 🧱 Best Practices

| Practice                      | Why It Helps                          |
| ----------------------------- | ------------------------------------- |
| 🔄 Use API keys in prod       | More secure than plaintext passwords  |
| 🚫 Avoid hardcoding secrets   | Use `.env` or secret managers         |
| ✅ Add auth early in dev cycle | Prevent open endpoints from the start |
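
A custom auth callable that follows the "avoid hardcoding secrets" practice, as an added example that is not part of the original page or the MCP project's code. It assumes the server passes a dict of request headers to the callable and expects a boolean back, as in the custom callable snippet above; the environment variable name `MCP_AUTH_TOKENS` and the function names are hypothetical.

```python
import hashlib
import hmac
import os

ENV_VAR = "MCP_AUTH_TOKENS"  # hypothetical name: comma-separated bearer tokens


def load_token_digests(environ=os.environ):
    """Read tokens from the environment and keep only their SHA-256 digests."""
    raw = environ.get(ENV_VAR, "")
    tokens = [t.strip() for t in raw.split(",") if t.strip()]
    if not tokens:
        # Fail closed at startup instead of running with an empty allow-list.
        raise RuntimeError(f"{ENV_VAR} is not set; refusing to start without auth")
    return [hashlib.sha256(t.encode()).digest() for t in tokens]


def make_bearer_auth(token_digests):
    """Build a headers -> bool callable (the shape assumed from the page)."""
    def auth(headers):
        # Header names are case-insensitive, so normalise before the lookup.
        lowered = {str(k).lower(): v for k, v in (headers or {}).items()}
        value = lowered.get("authorization")
        if not isinstance(value, str):
            return False
        scheme, _, presented = value.partition(" ")
        presented = presented.strip()
        if scheme.lower() != "bearer" or not presented:
            return False
        digest = hashlib.sha256(presented.encode()).digest()
        # Check every entry, in constant time, so timing does not reveal
        # which token matched or how many characters were correct.
        ok = False
        for known in token_digests:
            ok |= hmac.compare_digest(digest, known)
        return ok
    return auth
```

The callable returned by `make_bearer_auth(load_token_digests())` can be passed as `auth=` in the same way `my_auth` is passed above; keeping more than one token in the variable allows rotation without downtime.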

---

## 🔐 Where Auth Applies

| Area                      | Auth Required |
| ------------------------- | ------------- |
| Tool execution endpoints  | ✅ Yes         |
| Prompt completions        | ✅ Yes         |
| Server dashboard (future) | ✅ Optional    |

---

## ✅ Summary

| Feature     | Purpose                             |
| ----------- | ----------------------------------- |
| Basic Auth  | Quick dev/test protection           |
| API Key     | Simple production-grade security    |
| Custom Auth | Full flexibility for enterprise use |

---

