@jedify/mcp-auth) supports two ways to authenticate. Both work the same regardless of which mode you run or which client you connect from.
| Method | Best for | Setup |
|---|---|---|
| Browser-based login (default) | Individual users on a personal machine | Nothing extra — sign in when prompted |
| API key | Headless machines, shared environments, automated/CI setups | Set JEDIFY_API_KEY in your config |
Browser-based login (default)
When no API key is configured, the proxy prompts you to sign in the first time you use a Jedify tool.Trigger the tools
Start a new conversation in your client and ask something that uses Jedify, for example: “What data is available in Jedify?”
Sign in
Your browser opens to your organization’s login page. Sign in with your organization credentials.
Authentication persists across sessions and refreshes automatically, so you only sign in occasionally.
API key
If you’d rather not sign in through the browser — for example on a headless machine, a shared environment, or an automated/CI setup — authenticate with a Jedify API key instead. Set theJEDIFY_API_KEY environment variable in your configuration. When it’s present, the proxy skips the browser login entirely and authenticates every request with the key:
The API key must be bound to a user — the key identifies who is acting, so no email or extra sign-in is needed. Ask your Jedify administrator to issue a user-bound API key. If
JEDIFY_API_KEY is not set, the proxy falls back to the browser-based login described above.@jedify/mcp-auth v1.1.0 or later.
To run in Builder mode with an API key, add the --builder flag alongside the env block:
Security
- Encrypted communication: all traffic uses HTTPS.
- Scoped access: you only reach your organization’s data, limited by your user permissions.
- Managed tokens: session tokens refresh automatically and expire for security.