Authentication
2 minute read
The Trustgrid MCP server requires authentication for every request. There are two ways to provide credentials.
OAuth 2.0
The server implements OAuth 2.0 with the MCP authorization spec. Clients that support the OAuth handshake — including Claude Desktop and Claude Code — will automatically open a browser-based login when you first connect. After you authorize, the client manages token refresh without further intervention.
No manual token setup is required for OAuth-capable clients. Just point the client at the MCP URL.
The OAuth authorization server metadata is available at:
https://mcp.<domain>.trustgrid.io/.well-known/oauth-authorization-server
API token
An API token is a clientId:clientSecret pair tied to your Trustgrid user account. It carries the same permissions as your portal account.
Generate a token:
- Log into the Trustgrid portal
- Navigate to User Management → API Access
- Click Generate API keys
Use the token:
Pass the token as an HTTP Authorization header using the trustgrid-token scheme:
Authorization: trustgrid-token YOUR_CLIENT_ID:YOUR_CLIENT_SECRET
In most MCP client configs, this goes in a headers block alongside the server URL.
Auth error handling
| Response | Meaning | Fix |
|---|---|---|
401 Unauthorized | Missing or malformed Authorization header | Check that the header is present and correctly formatted |
401 with WWW-Authenticate header | Server is requesting OAuth | Your client should initiate the OAuth flow; if it doesn’t, provide a static token instead |
403 Forbidden | Token is valid but lacks required scope | The credential doesn’t have permission for the requested operation — check API key permissions or generate a new key |
If you see a WWW-Authenticate challenge with a resource_metadata URL and your client doesn’t handle OAuth, you need to provide a static API token or JWT directly in the config header.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.