Skip to main content

Overview

BoostGPT supports multiple authentication methods for your custom MCP servers.

Supported Auth Methods

API Key

Simple key-based authentication

Bearer Token

JWT or OAuth access tokens

Basic Auth

Username and password

OAuth 2.0

Full OAuth authorization flow

API Key Authentication

In OpenAPI Spec

components:
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
security:
  - ApiKeyAuth: []

In Postman Collection

{
  "auth": {
    "type": "apikey",
    "apikey": [
      {
        "key": "key",
        "value": "X-API-Key"
      },
      {
        "key": "value",
        "value": "{{api_key}}"
      },
      {
        "key": "in",
        "value": "header"
      }
    ]
  }
}

Configuration

After creating your MCP server:
1

Go to Settings

Dashboard -> MCP Servers -> Your Server -> Settings
2

Authentication

Select API Key as auth method
3

Configure

  • Header Name: X-API-Key (or your custom header)
  • API Key: Enter your actual API key
4

Save

Click Save - your MCP server will now use this key for all requests

Bearer Token Authentication

In OpenAPI Spec

components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
security:
  - BearerAuth: []

In Postman Collection

{
  "auth": {
    "type": "bearer",
    "bearer": [
      {
        "key": "token",
        "value": "{{access_token}}"
      }
    ]
  }
}

Configuration

1

Go to Settings

Dashboard -> MCP Servers -> Your Server -> Settings
2

Authentication

Select Bearer Token as auth method
3

Enter Token

Paste your bearer token or JWT
4

Save

Token will be included in Authorization: Bearer <token> header

Basic Authentication

In OpenAPI Spec

components:
  securitySchemes:
    BasicAuth:
      type: http
      scheme: basic
security:
  - BasicAuth: []

In Postman Collection

{
  "auth": {
    "type": "basic",
    "basic": [
      {
        "key": "username",
        "value": "{{username}}"
      },
      {
        "key": "password",
        "value": "{{password}}"
      }
    ]
  }
}

Configuration

1

Go to Settings

Dashboard -> MCP Servers -> Your Server -> Settings
2

Authentication

Select Basic Auth as auth method
3

Credentials

  • Username: Your username
  • Password: Your password
4

Save

Credentials will be Base64 encoded in Authorization header

OAuth 2.0

In OpenAPI Spec

components:
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://oauth.example.com/authorize
          tokenUrl: https://oauth.example.com/token
          scopes:
            read: Read access
            write: Write access
security:
  - OAuth2: [read, write]

Configuration

1

Go to Settings

Dashboard -> MCP Servers -> Your Server -> Settings
2

Authentication

Select OAuth 2.0 as auth method
3

OAuth Settings

  • Client ID: Your OAuth client ID
  • Client Secret: Your OAuth client secret
  • Authorization URL: Provider’s auth endpoint
  • Token URL: Provider’s token endpoint
  • Scopes: Required scopes (e.g., read write)
4

Authorize

Click Authorize to complete OAuth flow

Custom Headers

Add custom headers to all requests:
1

Go to Settings

Dashboard -> MCP Servers -> Your Server -> Settings
2

Custom Headers

Click Add Custom Header
3

Configure

  • Header Name: X-Custom-Header
  • Header Value: your-value
4

Save

Custom headers will be included in all requests

Multiple Auth Methods

Some APIs require multiple auth methods: 
# OpenAPI: API Key + Custom Header
components:
  securitySchemes:
    ApiKey:
      type: apiKey
      in: header
      name: X-API-Key
    CustomAuth:
      type: apiKey
      in: header
      name: X-Custom-Auth
security:
  - ApiKey: []
  - CustomAuth: []
Configure both in MCP server settings.

Security Best Practices

  1. Never commit credentials - Use environment variables in Postman
  2. Rotate tokens regularly - Update tokens periodically
  3. Use OAuth when possible - More secure than API keys
  4. Limit scopes - Request only necessary permissions
  5. Monitor usage - Check agent Insights for auth failures

Testing Authentication

Test your auth configuration:
1

Connect to Agent

Add your MCP server to an agent
2

Test in Playground

User: "List users from my API"
Agent: *uses your MCP server with auth* "Found 10 users..."
3

Check Logs

Go to Dashboard -> MCP Servers -> Your Server -> Logs to see auth status

Troubleshooting

  • Verify your credentials are correct
  • Check if token has expired
  • Ensure header name matches API requirements
  • Check if your API key has required permissions
  • Verify OAuth scopes include necessary access
  • For Bearer tokens: Update token in settings
  • For OAuth: Re-authorize to get new access token

Next Steps

OpenAPI Import

Import OpenAPI specification

Postman Import

Upload Postman collection