Skip to main content
Give different MCP clients different API keys, each with different powers — reader can list tools, agent-bot can call them, admin can do everything.
No auth configured? Nothing changes. With no keys set, granted_scopes is None and every method is allowed. Scoped keys are 100% opt-in — existing setups keep working untouched.

Quick Start

1

Create a keys file

Give each client a key and a list of scopes. * means “all scopes”.
keys.json
2

Serve with the keys file

Each request sends its key as a Bearer token. The server looks up the key, resolves its scopes, and enforces them per method.
3

Single key (unchanged)

A single scalar key still works and gets wildcard (*) scope — every method allowed.

How It Works

Each method has a required scope. The transport resolves the caller’s key to granted_scopes and the server checks it before running the handler.
When no key store is configured, granted_scopes is None and the check is skipped — allow all.

Two Ways to Configure

Pick the shortest path for your setup.

A) Single key (wildcard)

Behaviour is unchanged. The scalar --api-key is wrapped as a single key with wildcard (*) scope, so it satisfies every method — the scalar path and the multi-key path share the same enforcement.

B) Multiple scoped keys

keys.json

Scopes and Methods

Each MCP method maps to a required scope in OPERATION_SCOPES. Runtime log-level changes are administrative, so logging/setLevel sits behind the admin scope — a client cannot quiet or verbose the server’s logging without an admin key. Available scopes:
Scopes are hierarchical: tools:call implies tools:read, resources:subscribe implies resources:read, tasks:write implies tasks:read, and admin implies everything.

Error Response

A request without the required scope returns a JSON-RPC error with code -32001.
Over HTTP the response also carries a challenge header naming the missing scope:
The client can read scope="…" to know exactly which grant to request next.

Common Patterns

Match a key’s scopes to what each client actually needs.
A monitoring bot that only lists tools and reads status — no execution.

Best Practices

Start from tools:read and add only what a client needs. Reserve * and admin for maintenance keys, not day-to-day clients.
Give each bot or service its own key so you can rotate or revoke it without affecting others. Name keys by role (reader, agent-bot, admin).
Add the replacement key alongside the old one, point clients at the new key, then delete the old entry. No restart of clients is forced mid-rotation.
Treat keys.json like any secret — store it outside the repo and restrict file permissions. Never commit real keys.

PraisonAI MCP Server

Run PraisonAI as an MCP server over STDIO or HTTP Stream.

MCP Authentication

API key and OAuth options for securing MCP.