Authentication
All MCP requests require a valid API key.
Header Authentication recommended
Pass your key in the Authorization header:
Authorization: Bearer kstk_your_key_hereThis is the standard method. All MCP clients (Claude Desktop, Cursor, Claude Code) support custom headers.
Query Parameter
For clients that cannot set custom headers (some browser-based tools):
https://mcp-server-production-c654.up.railway.app/mcp?key=kstk_your_key_hereWARNING
Query parameters may be logged by proxies and appear in server access logs. Use header auth whenever possible.
Key format
All keys start with the prefix kstk_ followed by 32 hex characters:
kstk_748589bf4663ee925bf6cf2d8c01b9a4Keys are stored as SHA-256 hashes on our servers. We never store your raw key.
Error responses
| Status | Meaning | What to do |
|---|---|---|
401 | Missing or malformed API key | Check your Authorization: Bearer kstk_... header |
403 | Invalid or deactivated key | Contact support for a new key |
429 | Rate limit or monthly quota exceeded | Wait or upgrade your plan |