Bearer token authentication is the simplest method: pass your API key or token as a string.
mcp-use adds an Authorization: Bearer <token> header to every request automatically.

Quick Start

from mcp_use import MCPClient

config = {
    "mcpServers": {
        "api": {
            "url": "https://api.example.com/mcp/sse",
            "auth": "sk-your-api-key-here"
        }
    }
}

client = MCPClient(config=config)

When to Use

API Keys

Services that issue static API keys for authentication

Service Tokens

Machine-to-machine authentication between services

Personal Access Tokens

GitHub PATs, GitLab tokens, and similar credentials

Internal Services

Pre-shared secrets for private infrastructure

Secure Configuration

import os

config = {
    "mcpServers": {
        "api": {
            "url": "https://api.example.com/mcp/sse",
            "auth": os.getenv("MCP_API_KEY")
        }
    }
}

Never hardcode API keys in source code. Always use environment variables or a secrets manager.
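
A fail-closed way to load the token for the configuration above, as an added example that is not part of the mcp-use documentation or code base. `build_bearer_config`, `redact`, `TokenConfigError` and the `environ` parameter are hypothetical helpers; only the `mcpServers` / `url` / `auth` layout comes from this page.

```python
import os
from urllib.parse import urlsplit


class TokenConfigError(RuntimeError):
    """Raised when the bearer token or server URL is unsafe to use."""


def build_bearer_config(name, url, env_var="MCP_API_KEY", environ=None):
    """Return a config dict in the page's layout, failing closed on bad input."""
    environ = os.environ if environ is None else environ

    # A bearer token can be replayed by anyone who observes it: refuse plaintext HTTP.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise TokenConfigError(f"{name}: URL must be https, got {url!r}")

    # os.getenv() returns None when the variable is unset; stop here rather
    # than building a config that carries no credential.
    token = (environ.get(env_var) or "").strip()
    if not token:
        raise TokenConfigError(f"{name}: environment variable {env_var} is not set")
    # Interior whitespace or control characters would corrupt the header value.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in token):
        raise TokenConfigError(f"{name}: {env_var} has whitespace or control characters")

    return {"mcpServers": {name: {"url": url, "auth": token}}}


def redact(config):
    """Return a copy of config that is safe to log (token values removed)."""
    servers = {}
    for name, entry in config["mcpServers"].items():
        entry = dict(entry)  # copy so the real config keeps its token
        if entry.get("auth"):
            entry["auth"] = "[redacted]"
        servers[name] = entry
    return {"mcpServers": servers}


if __name__ == "__main__":
    fake_env = {"MCP_API_KEY": "sk-constructed-sample-token"}  # constructed value
    config = build_bearer_config("api", "https://api.example.com/mcp/sse", environ=fake_env)
    print(redact(config))  # log the redacted copy; pass `config` to MCPClient(config=config)
```
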

Bearer vs OAuth

|                | Bearer Token       | OAuth 2.1             |
|----------------|--------------------|-----------------------|
| Setup          | Simple             | More complex          |
| Token refresh  | Manual             | Automatic             |
| User consent   | Not required       | Required              |
| Token lifetime | Long-lived         | Short-lived + refresh |
| Best for       | API keys, services | User authentication   |

If your token expires frequently or requires user authorization, consider using OAuth 2.1 instead.

Security Checklist

1. Use environment variables
   Never commit tokens to version control. Use .env files locally and secrets management in production.

2. Rotate tokens regularly
   Implement a rotation policy to limit exposure from compromised tokens.

3. Use minimal permissions
   If the service supports scoped tokens, request only what you need.

4. Monitor usage
   Enable logging to detect unauthorized access attempts.