Add API key authentication to secure proxy endpoints

## Problem

Currently, `mcp-proxy` exposes all endpoints without any authentication mechanism. This means anyone with network access to the proxy can send requests through it, which poses a security risk in production environments.

## Proposed Solution

Implement optional API key authentication using X-API-Key header. When enabled, the proxy will validate incoming requests against a configured API key, rejecting unauthorized requests with a 401 status.

## Requirements

* Authentication should be optional (disabled by default for backward compatibility)
* Support configuration via CLI flag (--apiKey) and environment variable (MCP_PROXY_API_KEY)
* Health check endpoint (/ping) and CORS preflight requests should remain public
* Clear error responses for unauthorized requests

## PR

See #34 for implementation suggestion.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add API key authentication to secure proxy endpoints #35

Problem

Proposed Solution

Requirements

PR

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Add API key authentication to secure proxy endpoints #35

Description

Problem

Proposed Solution

Requirements

PR

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions