How to Set Up Authentication¶
This guide shows you how to secure your Xaibo server with API key authentication for both OpenAI and MCP adapters.
Quick Start¶
The fastest way to add authentication:
-
Set environment variables:
-
Start the server:
-
Test with curl:
Step-by-Step Setup¶
1. Choose Your Authentication Method¶
Option A: Environment Variables (Recommended)
export CUSTOM_OPENAI_API_KEY="sk-your-secret-key-here"
export MCP_API_KEY="mcp-your-secret-key-here"
Option B: Command Line Arguments
python -m xaibo.server.web \
--openai-api-key "sk-your-secret-key-here" \
--mcp-api-key "mcp-your-secret-key-here" \
--adapter xaibo.server.adapters.OpenAiApiAdapter \
--adapter xaibo.server.adapters.McpApiAdapter
2. Start the Server with Adapters¶
For OpenAI API only:
For MCP only:
For both adapters:
python -m xaibo.server.web \
--adapter xaibo.server.adapters.OpenAiApiAdapter \
--adapter xaibo.server.adapters.McpApiAdapter
3. Configure Your Agent Directory¶
python -m xaibo.server.web \
--agent-dir ./my-agents \
--adapter xaibo.server.adapters.OpenAiApiAdapter
Testing Authentication¶
Test OpenAI Adapter¶
List available models:
Send a chat completion:
curl -X POST \
-H "Authorization: Bearer your-openai-secret-key" \
-H "Content-Type: application/json" \
-d '{
"model": "your-agent-name",
"messages": [{"role": "user", "content": "Hello"}]
}' \
http://localhost:8000/openai/chat/completions
Test MCP Adapter¶
Initialize MCP connection:
curl -X POST \
-H "Authorization: Bearer your-mcp-secret-key" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": "1",
"method": "initialize",
"params": {
"protocolVersion": "2024-11-05",
"capabilities": {}
}
}' \
http://localhost:8000/mcp/
List available tools:
curl -X POST \
-H "Authorization: Bearer your-mcp-secret-key" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": "2",
"method": "tools/list",
"params": {}
}' \
http://localhost:8000/mcp/
Common Issues¶
"Missing Authorization header"¶
Problem: You forgot to include the Authorization header.
Solution: Add the header to your request:
"Invalid API key"¶
Problem: The API key doesn't match what the server expects.
Solutions:
- Check your environment variables: echo $CUSTOM_OPENAI_API_KEY
- Verify the key in your curl command matches exactly
- Restart the server after changing environment variables
Server starts but authentication doesn't work¶
Problem: API key not configured properly.
Solutions:
- Make sure environment variables are set before starting the server
- Use command-line arguments instead: --openai-api-key "your-key"
- Check server logs for authentication errors
MCP requests return HTTP 200 but with errors¶
Problem: This is normal - MCP uses JSON-RPC protocol.
Solution: Check the response body for error details:
Security Notes¶
- Keep API keys secret - never commit them to version control
- Use environment variables for production deployments
- Use strong, random keys - consider using
openssl rand -hex 32 - Authentication is optional - adapters work without API keys for development
No Authentication Setup¶
To run without authentication (development only):
python -m xaibo.server.web \
--adapter xaibo.server.adapters.OpenAiApiAdapter \
--adapter xaibo.server.adapters.McpApiAdapter
Then test without Authorization headers:
Related Guides¶
- How to deploy with OpenAI-compatible API - Complete deployment guide with authentication examples
- How to deploy as an MCP server - MCP deployment with authentication setup
- API Reference - Server Adapters - Technical details about authentication implementation