RouterMCP
Security

Security Best Practices and Authentication

Security best practices and authentication patterns for RouterMCP.

Security

RouterMCP provides multiple layers of security for protecting your MCP gateway and upstream servers.

MCP tools can have significant capabilities. Always review and restrict tool access based on the principle of least privilege.

Security Layers

LayerDescription
API Key AuthenticationRequire keys for project access
Tool FilteringControl which tools are exposed
OAuth IntegrationSecure upstream authentication
Audit LoggingTrack all operations
Code Mode SandboxIsolated JavaScript execution

Documentation

Authentication

API keys, OAuth, and access control.

Best Practices

Security hardening recommendations.

Quick Recommendations

  1. Enable API key authentication for all production projects
  2. Use tool filtering to expose only necessary tools
  3. Rotate API keys periodically
  4. Review audit logs for suspicious activity
  5. Use per-server credentials instead of shared tokens

Error Codes and HTTP Status Reference

Standard and custom error codes for RouterMCP APIs.

Authentication

API keys, OAuth, and access control for RouterMCP.

On this page

SecuritySecurity LayersDocumentationQuick Recommendations