From 2579079d2df32f2ce8928f481b296c15c6211e89 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Wed, 8 Apr 2026 22:21:30 +0000 Subject: [PATCH] Add client credentials documentation for MCP server authentication Generated-By: mintlify-agent --- ai/model-context-protocol.mdx | 51 +++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/ai/model-context-protocol.mdx b/ai/model-context-protocol.mdx index ec93468d2..f9618803f 100644 --- a/ai/model-context-protocol.mdx +++ b/ai/model-context-protocol.mdx 
@@ -104,6 +104,57 @@ By default, your MCP server is only available for localhost tools. To allow web- +### Client credentials + +Client credentials let server-side applications access your authenticated MCP endpoints without a user login flow. Use client credentials when you need machine-to-machine access to your MCP server, such as from a backend service, CI/CD pipeline, or automated workflow. + +With client credentials, your application authenticates directly with a client ID and client secret instead of going through an interactive OAuth login. The MCP server issues a token that grants the same access as an authenticated user. + + + + 1. Navigate to the [MCP server page](https://dashboard.mintlify.com/products/mcp) in your dashboard. + 2. In the **Client credentials** section, click **Create credential**. + 3. Enter a label to identify this credential, such as `production-backend` or `ci-pipeline`. + 4. Copy the **client ID** and **client secret**. The client secret is only shown once and cannot be retrieved later. + + + Send a POST request to your MCP server's token endpoint with your client ID and client secret to receive an access token. + + ```bash + curl -X POST https:///authed/mcp/oauth/token \ + -H "Content-Type: application/json" \ + -d '{ + "grant_type": "client_credentials", + "client_id": "", + "client_secret": "" + }' + ``` + + The response includes an access token: + + ```json + { + "access_token": "", + "token_type": "Bearer" + } + ``` + + Tokens expire after two weeks. Your application should request a new token before the current one expires. + + + Pass the token as a Bearer token when connecting to the `/authed/mcp` endpoint. Your MCP client or HTTP requests should include the token in the `Authorization` header. + + ```bash + Authorization: Bearer + ``` + + + +You can manage your client credentials from the dashboard: + +- **Disable a credential** to temporarily revoke access without deleting it. 
+- **Delete a credential** to permanently revoke access. Deleted credentials cannot be recovered. + ### Rate limits To protect availability, Mintlify applies rate limits to MCP servers.
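Review bot: The "You can manage your client credentials" list at the end of the hunk says disabling or deleting a credential revokes access, but nothing says what happens to access tokens already issued from that credential, which the token step describes as valid for two weeks and granting "the same access as an authenticated user". State explicitly whether disable and delete invalidate outstanding tokens immediately or only block new token requests, because that determines how a reader responds to a leaked secret or token. Related: the sample token response shows only `access_token` and `token_type`, so a client has no machine-readable expiry to act on for "request a new token before the current one expires"; if the endpoint returns an expiry field, show it in the example, otherwise say the two-week lifetime must be tracked client-side. Two smaller points: the `Authorization: Bearer` snippet is fenced as `bash` although it is an HTTP header rather than a shell command, and the step where the client secret is shown once could add a sentence on keeping it in a secret store or CI secret variable rather than in source or pipeline config.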