Authentication
The Riipen MCP server is authenticated through the use of API keys.
API keys are made up of two parts:
- Public keys - prefixed with
pk_, which are used to identify you publicly. This key does not need to be kept secret. - Secret keys - prefixed with
sk_, which are used to make authenticated MCP calls. Make sure you keep these keys secret and secure. Do not store them in version control of use them in any client facing code.
To obtain an API key, log in to your account on app.riipen.com and:
- Click "Settings" in the main menu for either your portal or company
- Click "Keys" under the "Advanced" group
From here you can create a new, or manage existing keys.
All MCP request must be made over HTTPS and must use one of these two authentication mechanisms:
curl https://mcp.riipen.com -u $SECRET_KEY:Note that the password component of the basic authentication is left blank.
curl https://mcp.riipen.com -H "Authorization: Bearer $SECRET_KEY"Authorization
API keys are associated with either a Riipen portal or company.
When you authenticate with an API key, the MCP server authorizes actions based on the entity that owns the key. The server can access the same type of resources an administrator for that entity can access.
Riipen does not currently support API scopes. Treat each secret key as highly privileged.
