Truefoundry allows you add MCP servers with the following authentication mechanisms: No Auth, Header Auth and OAuth2.
In this case, the authentication server can be accessed by anyone. This can be the case for demo APIs, or APIs that can be public like a Calculator MCP Server or Deepwiki MCP server(https://mcp.deepwiki.com/mcp)
This is not recommended for any production MCP server or servers that provide access to some data.
Header-based authentication allows you to secure your MCP Server by requiring a specific API key or token in the request headers. This method is ideal for APIs that use static credentials for access control.
For example, the Hugging Face MCP server follows Header Auth which requires your HuggingFace token to be sent in the header of the request.
Header Based Auth are used by MCP servers that don’t support user-specific authentication methods like Oauth2 and instead have a static API key or token. In this case, all users calling the MCP server will use the same token.
OAuth2 authentication lets you secure your MCP Server with delegated, user-based access. In this case, every user will have their own token and the MCP server will grant access to only the resources that the user has access to.
Oauth2 is supported by many of the popular MCP servers like Slack, Github, Atlassian, etc. You can also add Oauth authentication to your MCP servers you build using the flow mentioned below.
MCP Server deployment list
<tfy-control-plane-base-url>
with your TrueFoundry control plane URL.MCP Server registration interface
Adding a new MCP Server
Tip: For enhanced security, store your OAuth2 credentials in the TrueFoundry secrets store and reference their FQN in your configuration.
You can use the AI Gateway or MCP Gateway API to test and interact with your MCP Server using LLMs and tools.
Authorize your MCP Server in AI Gateway
Revoke your OAuth2 authorization
MCP Server listed after authentication
Choose OAuth2 Authentication when:
Note: Support for OAuth 2.0 Dynamic Client Registration is coming soon to AI Gateway’s MCP servers. This will allow AI agents and clients to register and authenticate with MCP servers automatically at runtime, making integration more scalable and secure.
Truefoundry allows you add MCP servers with the following authentication mechanisms: No Auth, Header Auth and OAuth2.
In this case, the authentication server can be accessed by anyone. This can be the case for demo APIs, or APIs that can be public like a Calculator MCP Server or Deepwiki MCP server(https://mcp.deepwiki.com/mcp)
This is not recommended for any production MCP server or servers that provide access to some data.
Header-based authentication allows you to secure your MCP Server by requiring a specific API key or token in the request headers. This method is ideal for APIs that use static credentials for access control.
For example, the Hugging Face MCP server follows Header Auth which requires your HuggingFace token to be sent in the header of the request.
Header Based Auth are used by MCP servers that don’t support user-specific authentication methods like Oauth2 and instead have a static API key or token. In this case, all users calling the MCP server will use the same token.
OAuth2 authentication lets you secure your MCP Server with delegated, user-based access. In this case, every user will have their own token and the MCP server will grant access to only the resources that the user has access to.
Oauth2 is supported by many of the popular MCP servers like Slack, Github, Atlassian, etc. You can also add Oauth authentication to your MCP servers you build using the flow mentioned below.
MCP Server deployment list
<tfy-control-plane-base-url>
with your TrueFoundry control plane URL.MCP Server registration interface
Adding a new MCP Server
Tip: For enhanced security, store your OAuth2 credentials in the TrueFoundry secrets store and reference their FQN in your configuration.
You can use the AI Gateway or MCP Gateway API to test and interact with your MCP Server using LLMs and tools.
Authorize your MCP Server in AI Gateway
Revoke your OAuth2 authorization
MCP Server listed after authentication
Choose OAuth2 Authentication when:
Note: Support for OAuth 2.0 Dynamic Client Registration is coming soon to AI Gateway’s MCP servers. This will allow AI agents and clients to register and authenticate with MCP servers automatically at runtime, making integration more scalable and secure.