Back to Docs
Auth Providers
Securing your API is critical when connecting it to AI models. LegacyAI supports passing through authentication securely, so Claude Desktop only accesses what it has permission to see.
Supported Authentication Strategies
Basic & API Keys (Pro)
Attach a static API key or bearer token to all outgoing requests from the MCP server to your API.
OAuth & Advanced (Business)
Implement granular OAuth 2.0 scopes or use dynamic token injection for team-based permissions.
How it works with Claude Desktop
When you generate an MCP Server with LegacyAI, we do not store your production API keys. Instead, the authentication configuration is generated into the server wrapper.
- Environment Variables: You supply your API tokens via local environment variables (e.g.,
API_BEARER_TOKEN) when configuring the Claude Desktop JSON file. - Secure Passthrough: The MCP server reads the local environment variable and attaches it to the HTTP headers of the tool call requests.
Security Note
Always ensure your generated MCP server is running in a trusted environment (like a secure VPC or your local machine) when providing it with production API keys.