Authentication
Every request carries a workspace MCP key as a bearer token. Keys are scoped to a workspace and inherit the scopes of its connections.
Authorization: Bearer mk_live_8f2a91c4e7d3
- Keys are shown once, then stored hashed.
- Rotate or revoke any key from the dashboard — tools drop instantly.
- Tokens behind each connection are encrypted (app-level + KMS) and never exposed to the agent.