Skip to content

feat: add API key authentication and HTTPS support#3

Merged
viamus merged 1 commit into
mainfrom
feature/authentication
Jan 31, 2026
Merged

feat: add API key authentication and HTTPS support#3
viamus merged 1 commit into
mainfrom
feature/authentication

Conversation

@viamus
Copy link
Copy Markdown
Owner

@viamus viamus commented Jan 31, 2026

Description

Add optional API key authentication to protect MCP server endpoints and update all documentation to use HTTPS by default for secure communication.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional changes)

Related Issues

N/A

Changes Made

  • Add ServerSecurityOptions configuration class for API key settings
  • Add ApiKeyAuthenticationMiddleware to validate API key on incoming requests
  • Add -ApiKey and -RequireApiKey parameters to PowerShell install script
  • Update docker-compose.yml with security environment variables (MCP_API_KEY, MCP_REQUIRE_API_KEY)
  • Update .env.example with security configuration documentation
  • Add HTTPS launch profile in launchSettings.json
  • Update README.md to use HTTPS URLs (https://localhost:5001) for .NET CLI
  • Update README.md with complete security documentation section
  • Update Claude Code MCP configuration examples to use --header flag for API key

Testing

  • I have tested these changes locally
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Checklist

  • My code follows the project's coding style
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • My changes generate no new warnings
  • I have updated the documentation accordingly

Screenshots (if applicable)

N/A

Additional Notes

  • API key authentication is optional and disabled by default (RequireApiKey: false)
  • When enabled, the /health endpoint remains accessible without authentication
  • The API key is passed via the X-API-Key header
  • For Docker deployments, a reverse proxy (nginx, traefik) is recommended for HTTPS termination
  • The install script automatically enables RequireApiKey when an ApiKey is provided

@viamus @claude
feat: add API key authentication and HTTPS support
fc8e087 
- Add optional API key authentication middleware for MCP endpoints
- Add ServerSecurityOptions configuration for ApiKey and RequireApiKey
- Update install script to support ApiKey parameter
- Update README with HTTPS URLs and security documentation
- Add HTTPS launch profile for local development
- Update docker-compose with security environment variables

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@viamus viamus self-assigned this Jan 31, 2026
@viamus viamus added documentation Improvements or additions to documentation enhancement New feature or request labels Jan 31, 2026
@viamus viamus merged commit eb61cc7 into main Jan 31, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@viamus viamus

Labels

documentation Improvements or additions to documentation enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@viamus