Authentication

Every MCP request must carry your Profundis credential. The server forwards it to the Profundis API, which authenticates the call and bills your credits. You can authenticate in two ways. One-click OAuth is recommended (nothing to copy, store, or rotate); an API key is there for scripts and headless clients. Either way, the credential is sent in a single Authorization: Bearer <credential> header.

Who can connect

Connecting requires an active entitlement, the same gate as the API: a paid plan (Professional or Enterprise), or a Free account that has purchased credits. A brand-new Free account with only its monthly credit allocation cannot create an API key and cannot use the MCP server.

Clients that support remote MCP connectors (Claude.ai and Claude Desktop, ChatGPT, and Claude Code) let you connect without copying a key. You add the server URL, the client discovers the Profundis authorization server, and you sign in once; it then receives and refreshes its own access token. This is the recommended path: nothing to paste, store, or rotate, and you can revoke it per-client.

The flow is standard OAuth 2.1 with PKCE:

  1. You add https://mcp.profundis.io as a custom connector in your assistant (or, in Claude Code, run /mcp then Authenticate).
  2. The assistant reads the server's protected-resource metadata and is redirected to the Profundis authorization server.
  3. You sign in to Profundis (Google sign-in) and approve the connection.
  4. The assistant stores the access token and uses it for every tool call.

You can review and revoke connected apps at any time from your account profile. Revoking a connection immediately invalidates its tokens.
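
The PKCE part of the flow above, as an added example that is not part of the Profundis documentation or any client's own code. It shows what the assistant generates before redirecting you, and the check an authorization server performs when the code is redeemed. The authorization endpoint, client_id and redirect_uri are placeholder assumptions; a real client discovers the endpoint in step 2.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Assumptions (not from the Profundis docs): endpoint, client_id and
# redirect_uri are placeholders for values a client discovers or registers.
AUTHORIZATION_ENDPOINT = "https://auth.example.invalid/authorize"
RESOURCE = "https://mcp.profundis.io"  # server URL given on this page


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_pkce_pair() -> tuple[str, str]:
    """Return (code_verifier, code_challenge) for the S256 method."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, 256 bits of entropy
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_url(challenge: str, state: str) -> str:
    """Client side: only the challenge leaves the client, never the verifier."""
    params = {
        "response_type": "code",
        "client_id": "example-client",  # placeholder
        "redirect_uri": "http://127.0.0.1:8765/callback",  # placeholder
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "state": state,  # ties the callback to this request
        "resource": RESOURCE,  # RFC 8707 resource indicator
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def server_verifies(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization-server check when the code is redeemed for a token."""
    expected = b64url(hashlib.sha256(presented_verifier.encode("ascii")).digest())
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    verifier, challenge = new_pkce_pair()
    print(build_authorization_url(challenge, state=secrets.token_urlsafe(16)))
    print("legitimate client:", server_verifies(challenge, verifier))
    print("wrong verifier:", server_verifies(challenge, "guess"))
```

Because the verifier stays on the client until the token request, an authorization code captured from the redirect cannot be redeemed by another party.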

Option 2: API key (bearer token)

For scripts, CI, or any headless client, use your Profundis API key as the bearer token. You create or renew your key on your account profile. You can have one key per account, the value is shown only once at creation, and renewing it invalidates the previous one. See Generate a token for the full procedure.

The client sends:

Authorization: Bearer <YOUR_API_KEY>

Caution: Treat the key like a password. Anyone holding it can spend your credits. Renew it from your profile if it leaks. (OAuth avoids this: there is no key to store or leak.)

Which one should you use?

| Client | Recommended |
| --- | --- |
| Claude.ai and Claude Desktop | OAuth (one-click) |
| ChatGPT | OAuth (one-click) |
| Claude Code | OAuth; an API key for headless / CI |
| Other MCP clients | OAuth if supported, otherwise an API key |

Either way, billing and quotas are identical: the credential resolves to your account and your credits are charged server-side.