From c5cc20bde43c55bec296d496219f6e91c62aa611 Mon Sep 17 00:00:00 2001
From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com>
Date: Wed, 8 Apr 2026 23:40:59 +0000
Subject: [PATCH] Add client_credentials grant type docs for MCP authentication

Generated-By: mintlify-agent
---
 ai/model-context-protocol.mdx | 42 +++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/ai/model-context-protocol.mdx b/ai/model-context-protocol.mdx
index ec93468d2..15e60f38b 100644
--- a/ai/model-context-protocol.mdx
+++ b/ai/model-context-protocol.mdx
@@ -104,6 +104,48 @@ By default, your MCP server is only available for localhost tools. To allow web-
   </Step>
 </Steps>
 
+### Machine-to-machine authentication
+
+For server-side applications, CI/CD pipelines, or automated tools that need to access your authenticated MCP server without user interaction, your MCP server supports the OAuth 2.0 `client_credentials` grant type.
+
+The `client_credentials` grant allows a registered client to authenticate directly with a client ID and client secret instead of going through the interactive Authorization Code flow. This is useful when:
+
+- A backend service needs to query your documentation programmatically.
+- An automated pipeline needs to retrieve documentation content.
+- A server-side application needs to access authenticated content without a browser-based login.
+
+To use the `client_credentials` grant, send a `POST` request to your MCP server's token endpoint with the client credentials. You can provide credentials either in the request body or using an `Authorization: Basic` header per [RFC 6749 Section 2.3.1](https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1).
+
+<CodeGroup>
+```bash Request body
+curl -X POST https://your-docs.com/authed/mcp/oauth/token \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "grant_type=client_credentials" \
+  -d "client_id=YOUR_CLIENT_ID" \
+  -d "client_secret=YOUR_CLIENT_SECRET"
+```
+
+```bash Authorization header
+curl -X POST https://your-docs.com/authed/mcp/oauth/token \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -H "Authorization: Basic $(echo -n 'YOUR_CLIENT_ID:YOUR_CLIENT_SECRET' | base64)" \
+  -d "grant_type=client_credentials"
+```
+</CodeGroup>
+
+A successful response returns a Bearer token:
+
+```json
+{
+  "access_token": "eyJhbGciOiJS...",
+  "token_type": "Bearer",
+  "expires_in": 1209600,
+  "scope": "mcp:search"
+}
+```
+
+The token is valid for 14 days (`expires_in: 1209600` seconds) and has the `mcp:search` scope, which grants access to the search and get page tools. Tokens issued through `client_credentials` are subject to server-side revocation checks, so access can be revoked at any time without waiting for the token to expire.
+
 ### Rate limits
 
 To protect availability, Mintlify applies rate limits to MCP servers.