Setup Auth
Configure gateway MCP auth exactly like protected gateway traffic.
Required headers
Authorization: Bearer <token|jwt|oidc token>(or mTLS at ingress layer)X-Client-IDX-Profile-ID
MCP session flow
- Call
initializeonPOST /mcp(or your configuredMCP_PATH). - Read
Mcp-Session-Idfrom response header. - Use that header on
tools/list/tools/call. - Optional: open SSE stream with
GET /mcp+ same session header.
Example initialize
curl -i https://gateway.example.com/mcp \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $MCP_TOKEN" \
-H "X-Client-ID: ai-agent-prod" \
-H "X-Profile-ID: mcp-prod" \
-d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{"tools":{}}}}'
Example tools/list (after initialize)
curl -i https://gateway.example.com/mcp \
-H "Authorization: Bearer $MCP_TOKEN" \
-H "X-Client-ID: ai-agent-prod" \
-H "X-Profile-ID: mcp-prod" \
-H "Mcp-Session-Id: $SESSION_ID" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/list"}'