Licence: Apache-2.0
Version: 4.3.1
Deps: 1
Size: 37 kB
Vulns: 0
Weekly: 0
@mcpfusion/api-key
MCP API Key Authentication for MCP Fusion — A framework for creating secure MCP servers
Timing-safe API key validation · SHA-256 hashing · Async validators · Self-healing error responses
MCP API Key Authentication for MCP Fusion — the Model Context Protocol framework for building production MCP servers. Timing-safe key comparison, SHA-256 hashing, async validators, and self-healing error responses.
Quick Start
```typescript
import { initMCPFusion } from '@mcpfusion/core';
import { apiKeyGuard } from '@mcpfusion/api-key';

// AppContext and db are defined by your application.
const f = initMCPFusion<AppContext>();

// Reject requests whose x-api-key header does not match a configured key.
const withApiKey = apiKeyGuard({
  keys: [process.env.API_KEY!],
  header: 'x-api-key',
});

export default f.query('data.export')
  .use(withApiKey)
  .handle(async (input, ctx) => {
    return db.records.findMany();
  });
```

Features
| Feature | Description |
|---|---|
| Timing-Safe | Constant-time key comparison prevents timing attacks |
| SHA-256 Hashing | Store hashed keys instead of plaintext |
| Async Validators | Validate keys against a database or external service |
| Self-Healing | Missing/invalid keys return actionable hints to the LLM agent |
| Key Rotation | Support multiple keys for seamless rotation |
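
An added sketch (not the @mcpfusion/api-key source) of what the Timing-Safe, SHA-256 Hashing and Key Rotation rows describe, using Node's built-in crypto module. The function names and sample keys are constructed for illustration.

```javascript
// Added illustration; not the @mcpfusion/api-key implementation.
const { createHash, timingSafeEqual } = require('node:crypto');

// SHA-256 digest of a key as raw bytes (always 32 bytes).
function digest(key) {
  return createHash('sha256').update(key, 'utf8').digest();
}

// Hex form of the digest: what gets stored instead of the plaintext key.
function hashKey(key) {
  return digest(key).toString('hex');
}

// Check a presented key against a list of stored hex digests.
function isValidKey(presented, hashedKeys) {
  // A missing or empty key is rejected before any hashing.
  if (typeof presented !== 'string' || presented.length === 0) return false;
  const candidate = digest(presented);
  let match = false;
  for (const hex of hashedKeys) {
    const stored = Buffer.from(hex, 'hex');
    // timingSafeEqual throws on unequal lengths, so skip malformed entries.
    if (stored.length !== candidate.length) continue;
    // No early return: every stored digest is compared, so the loop's
    // duration does not reveal which entry (if any) matched.
    match = timingSafeEqual(stored, candidate) || match;
  }
  return match;
}

// Constructed sample keys: during rotation both digests are accepted.
const OLD_KEY = 'example-old-key-0001';
const NEW_KEY = 'example-new-key-0002';
const STORED = [hashKey(OLD_KEY), hashKey(NEW_KEY)];

console.log(isValidKey(NEW_KEY, STORED), isValidKey('wrong-key', STORED));
```

Hashing the presented key before comparing also gives both buffers the fixed 32-byte length that `timingSafeEqual` requires. Dropping the old digest from the list completes a rotation.
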
SHA-256 Hashed Keys
```typescript
const withApiKey = apiKeyGuard({
  hashedKeys: ['a1b2c3...'], // SHA-256 hash of the actual key
  algorithm: 'sha256',
});
```

Async Validator
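```typescript
const withApiKey = apiKeyGuard({
  validate: async (key) => {
    // Looks up the presented key as-is, so this example assumes the
    // `key` column holds the same value the client sends.
    const record = await db.apiKeys.findUnique({ where: { key } });
    // Accept only keys that exist and have not been revoked.
    return record !== null && record.revokedAt === null;
  },
});
```

Installation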
```bash
npm install @mcpfusion/api-key
```

Peer Dependencies
| Package | Version |
|---|---|
| @mcpfusion/core | ^2.0.0 |
Requirements
- Node.js ≥ 18.0.0
- MCP Fusion ≥ 2.0.0 (peer dependency)