Authentication

Authentication for HTTP API data sources can be configured to ensure secure access to the APIs. In Infragate, when setting up an HTTP API data source, you can choose from several authentication methods depending on the requirements of the API you are integrating with. The available authentication methods include:

No Authentication: Use this option if the API is publicly accessible and does not require any authentication
API Key: Provide an API key that will be included in the request headers or query parameters to authenticate requests.
Bearer Token: Use a bearer token for authentication, typically included in the Authorization header of the HTTP request.
Basic Authentication: Use a username and password combination encoded
OAuth 2.0: Implement OAuth 2.0 authentication flow to obtain access tokens for secure API access. Client credentials flow only.
AWS Signature: Sign requests using AWS Signature Version 4 for accessing AWS services securely.

When configuring authentication for an HTTP API data source, you will need to provide the necessary credentials and settings based on the chosen authentication method.

Using Token Forwarding (Bearer Passthrough) with HTTP API Data Sources

When your MCP Server is set to use the Bearer Passthrough authorization mode, it can forward the Authorization header from incoming requests to downstream HTTP API data sources.
This is particularly useful when your tools depend on external APIs that require bearer tokens or other forms of token-based authentication. To enable token forwarding for an HTTP API data source:

In the Infragate Console, navigate to your MCP Server and go to the “Settings” tab.
Ensure that the Authorization Type is set to Bearer Passthrough.
When defining your HTTP API data source, make sure to set the authentication method to None.