From eb0738a42d4ec1571c7156a07cb9c4c2ee92c423 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Wed, 8 Apr 2026 23:14:12 +0000 Subject: [PATCH] Document client_credentials grant type for MCP server authentication Generated-By: mintlify-agent --- ai/model-context-protocol.mdx | 43 +++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/ai/model-context-protocol.mdx b/ai/model-context-protocol.mdx index ec93468d2..49ac4b9bb 100644 --- a/ai/model-context-protocol.mdx +++ b/ai/model-context-protocol.mdx 
@@ -104,6 +104,49 @@ By default, your MCP server is only available for localhost tools. To allow web- +### Client credentials for server-to-server access + +If you need to connect to an authenticated MCP server from an automated system, CI/CD pipeline, or backend service, you can use the OAuth 2.0 `client_credentials` grant type instead of the interactive browser-based flow. + +The `client_credentials` grant authenticates using a client ID and client secret, so no user interaction is required. This is useful when an application needs to access your MCP server programmatically without a browser. + +To authenticate with client credentials, send a `POST` request to your MCP server's token endpoint with the `client_credentials` grant type. You can provide the client ID and secret as form parameters or with an HTTP Basic `Authorization` header. + + + + +```bash +curl -X POST https://your-docs-site.com/mcp/oauth/token \ + -d "grant_type=client_credentials" \ + -d "client_id=YOUR_CLIENT_ID" \ + -d "client_secret=YOUR_CLIENT_SECRET" +``` + + + + +```bash +curl -X POST https://your-docs-site.com/mcp/oauth/token \ + -d "grant_type=client_credentials" \ + -H "Authorization: Basic $(echo -n 'YOUR_CLIENT_ID:YOUR_CLIENT_SECRET' | base64)" +``` + + + + +A successful response returns an access token: + +```json +{ + "access_token": "eyJhbGci...", + "token_type": "Bearer", + "expires_in": 1209600, + "scope": "mcp:search" +} +``` + +Client credentials tokens are subject to server-side revocation checks. If a credential is revoked in the dashboard, any tokens issued with that credential stop working immediately. This does not affect tokens issued through the interactive authorization code flow. + ### Rate limits To protect availability, Mintlify applies rate limits to MCP servers.
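Review bot: Both curl examples in the new "Client credentials for server-to-server access" section write the client secret as a literal in the command (`-d "client_secret=YOUR_CLIENT_SECRET"` and `echo -n 'YOUR_CLIENT_ID:YOUR_CLIENT_SECRET' | base64`), and readers targeting the stated CI/CD use case will copy that pattern into pipeline scripts, where it ends up in the repository, shell history or job logs. Suggest the examples read the values from environment variables supplied by the pipeline's secret store, and that the second example use curl's `-u` option (for instance `-u "$CLIENT_ID:$CLIENT_SECRET"`, placeholder variable names) instead of a hand-built header, which also avoids the line wrapping GNU `base64` applies to output longer than 76 characters and would break the `Authorization` header for long credentials. The sample response shows `"expires_in": 1209600`, which is 14 days, so a sentence telling readers to store the access token as carefully as the secret would fit after the JSON block. The section never says where the client ID and secret are created; the dashboard is mentioned only in the revocation paragraph. In that paragraph, "This does not affect tokens issued through the interactive authorization code flow" is ambiguous: it can be read as saying that revoking a credential leaves those tokens valid, or that those tokens are not subject to revocation checks at all, and the wording should pick one.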