Guide

Authentication for ProxVanta MCP.

The hosted ProxVanta MCP server supports two practical auth paths: OAuth through the ProxVanta app, or bearer-token auth using an exported organization API key.

Choose the right path

OAuth

Best when the client has a native sign-in flow and you want per-user authorization through the ProxVanta app.

Organization API key

Best when the client expects a bearer token field and your team wants a direct setup path using an exported org credential.

Good practices

  • Store the bearer token in the client's secret or environment-variable field when possible.
  • Prefer OAuth when the client supports it cleanly and you want end-user sign-in semantics.
  • Prefer an organization API key when the client only supports direct bearer-token configuration.
  • Rotate organization API keys if access should change or if a token is exposed.

Bearer auth shape

Authorization: Bearer <token>

Accepted token types:
- OAuth access token issued by ProxVanta
- exported ProxVanta organization API key

For direct client setup, the most common path is to put the ProxVanta token in a secret field or environment variable, then point the client at the hosted MCP URL.
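
As an added example (not ProxVanta's own code), the sketch below shows one way a client-side helper can follow the guidance above: read the token from an environment variable, build the `Authorization: Bearer <token>` header, refuse non-HTTPS endpoints, and keep the token out of logs. The variable name `PROXVANTA_MCP_TOKEN`, the placeholder URL and the sample token are assumptions; the page gives none of them.

```python
import os
import re
from urllib.parse import urlsplit

# Assumed names: the page does not give an env var name or the hosted MCP URL.
TOKEN_ENV = "PROXVANTA_MCP_TOKEN"          # hypothetical variable name
MCP_URL = "https://mcp.example.invalid/"   # placeholder, not the real hosted URL

# Bearer credential syntax from RFC 6750 (b64token); rejects spaces and CR/LF,
# so a malformed secret cannot smuggle extra header lines into the request.
_TOKEN_RE = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def load_token(env=os.environ):
    """Read the bearer token from the environment, not from source or config files."""
    token = env.get(TOKEN_ENV, "").strip()  # tolerate a trailing newline from a secret store
    if not token:
        raise RuntimeError(f"{TOKEN_ENV} is not set")
    if not _TOKEN_RE.fullmatch(token):
        raise ValueError("token contains characters not valid in a Bearer header")
    return token


def auth_headers(url, token):
    """Build the Authorization header, refusing to send the token over plain HTTP."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("bearer tokens must only be sent to an https:// URL")
    return {"Authorization": f"Bearer {token}"}


def redact(token):
    """Log-safe form: a short prefix only, enough to tell two keys apart."""
    return token[:4] + "..." if len(token) > 8 else "..."


if __name__ == "__main__":
    constructed = {TOKEN_ENV: "pvk_constructed_sample_0001"}  # constructed sample value
    tok = load_token(constructed)
    headers = auth_headers(MCP_URL, tok)
    print("sending", sorted(headers), "with token", redact(tok))
```

The same helper works for either accepted token type, since both are sent in the same bearer shape.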