🔐 feat: Add API key authentication support for MCP servers (#10936)

* 🔐 feat: Add API key authentication support for MCP servers * Chore: Copilot comments fixes --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
2026-02-13 04:54:24 +01:00 · 2025-12-12 19:51:49 +01:00 · 2025-12-12 19:51:49 +01:00 · e15d37b399
commit e15d37b399
parent abeaab6e17
11 changed files with 836 additions and 84 deletions
--- a/packages/data-provider/src/mcp.ts
+++ b/packages/data-provider/src/mcp.ts
@ -73,6 +73,23 @@ const BaseOptionsSchema = z.object({
    .optional(),
  /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
  oauth_headers: z.record(z.string(), z.string()).optional(),
+  /**
+   * API Key authentication configuration for SSE and Streamable HTTP transports
+   * - source: 'admin' means the key is provided by admin and shared by all users
+   * - source: 'user' means each user provides their own key via customUserVars
+   */
+  apiKey: z
+    .object({
+      /** API key value (only for admin-provided mode, stored encrypted) */
+      key: z.string().optional(),
+      /** Whether key is provided by admin or each user */
+      source: z.enum(['admin', 'user']),
+      /** How to format the authorization header */
+      authorization_type: z.enum(['basic', 'bearer', 'custom']),
+      /** Custom header name when authorization_type is 'custom' */
+      custom_header: z.string().optional(),
+    })
+    .optional(),
  customUserVars: z
    .record(
      z.string(),