MCP Broker Security Model
Practical production controls for secure API consumption from MCP and backend integrations.
Authentication
Short-Lived Access
Authenticate callers with OAuth or workload identity and avoid static API keys.
Proof
Request Binding
Protect sensitive operations with request-level proof to reduce replay risk.
Operations
Audit and Revocation
Log sensitive actions and keep fast revoke-and-recover paths ready.
Required Controls
- Use OAuth device flow for local MCP login.
- Use workload identity for server-to-server callers.
- Use request proof for lease and other sensitive operations.
- Keep tokens short-lived and limited to the task.
- Record audit events for all sensitive broker actions.
Lease Request Proof
Example proof payload for sender-constrained requests.
{
  "proof_type": "dpop_jwt",
  "dpop_jwt": "<signed_jwt>",
  "nonce": "nonce-create-0001"
}
Token Lifecycle
1. Use short-lived access tokens.
2. Keep tokens in memory where possible.
3. Rotate signing material regularly.
4. Revoke and re-issue immediately on suspicion.
5. Audit all sensitive operations.
Integration Guidance
- Classify non-retryable errors (`invalid_argument`, `permission_denied`).
- Use exponential backoff for transient failures (`unavailable`).
- Validate all critical auth and lease flows in E2E before production.
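The retry guidance above applied to a proof-bound request, as an added example that is not code from the broker project. `send`, `sign_proof`, the `ok` success code and the client-generated nonce are assumptions made for illustration; any code other than `unavailable` is treated as non-retryable.

```python
import random
import secrets
import time

# Only `unavailable` is transient per the guidance above. `invalid_argument`,
# `permission_denied` and any unknown code fail immediately (assumption: fail closed).
TRANSIENT = {"unavailable"}


class BrokerError(Exception):
    def __init__(self, code):
        super().__init__(code)
        self.code = code


def backoff_delays(count, base=0.5, cap=8.0, rng=random.random):
    """Full-jitter exponential backoff: delay i is rng() * min(cap, base * 2**i)."""
    return [rng() * min(cap, base * 2 ** i) for i in range(count)]


def call_with_retry(send, sign_proof, max_attempts=4, sleep=time.sleep,
                    rng=random.random):
    """Send a proof-bound request, retrying only transient failures.

    send(proof) -> (code, body): hypothetical transport; "ok" means success.
    sign_proof(nonce) -> str: hypothetical signer returning the DPoP JWT.
    """
    if max_attempts < 1:
        raise ValueError("max_attempts must be at least 1")
    delays = backoff_delays(max_attempts - 1, rng=rng)
    for attempt in range(max_attempts):
        # Fresh nonce and proof on every attempt, so a retry is never a replay
        # of the failed request. Assumes the client chooses the nonce; if the
        # broker issues nonces, fetch a new one here instead.
        nonce = secrets.token_urlsafe(16)
        proof = {"proof_type": "dpop_jwt",
                 "dpop_jwt": sign_proof(nonce),
                 "nonce": nonce}
        code, body = send(proof)
        if code == "ok":
            return body
        if code not in TRANSIENT or attempt == max_attempts - 1:
            raise BrokerError(code)  # surface it; do not keep looping
        sleep(delays[attempt])
```

Passing `sleep` and `rng` as parameters lets an E2E test drive the retry path deterministically without waiting on real delays.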
Extended Doc
Full architecture and operational details are documented in docs/api/mcp-broker-security-model.md.
API Surface
Use the API Explorer to inspect available operations and copy integration-ready request examples.