MCPAuth for REST API

[zcc19960910]

我在使用higress的场景是：
后端服务的api是固定的， 每个人都有自己的PRIVATE-TOKEN，请求api的时候 放在header中。 这个应该算是api key的鉴权方式吗？

文档中的这个方案如何实现呢？有操作步骤吗

---

The scenario I'm using higress is:
The API for the backend service is fixed. Everyone has their own PRIVATE-TOKEN. When requesting the API, it is placed in the header. Should this be considered as the authentication method of API key?

How to implement this solution in the document? Are there any steps

[johnlanni]

文章里已经给出了配置方式，对这个配置哪里有疑问，针对你的问题可以进行回答。如果寻求解决方案，开源是不提供的。可以考虑购买阿里云AI网关产品，会提供商业化解决方案。

---

The configuration method has been given in the article. If you have any questions about this configuration, you can answer your questions. If a solution is sought, open source is not provided. You can consider purchasing Alibaba Cloud AI gateway products, which will provide commercial solutions.

[zcc19960910]

文档不是很详细，比如我现在有REST API接口. 怎样能通过higress把他变成一个可以调用的mcp server，让我的通义灵码掉通，或者说cursor掉通呢。感谢

---

The documentation is not very detailed, for example, I now have a REST API interface. How can I turn it into a callable mcp server through higress, so that my Tongyi Ling Code can be lost, or cursor can be lost. Thanks

[johnlanni]

https://higress.ai/blog/bulk-conversion-of-existing-openapi-to-mcp-server

可以仔细看下这篇文章

[zcc19960910]

server:
name: "artifact"
securitySchemes:

• id: "backendApiKeyHeader"
  in: "header"
  name: "PRIVATE-TOKEN"
  type: "apiKey"

• id: "ClientSideBearer"
  scheme: "bearer"
  type: "http"
  tools:

• description: "获取制品平台制品类型"
  name: "types"
  requestTemplate:
  method: "GET"
  security:
  id: "backendApiKeyHeader"
  url: "https://sit-gitlab.oceanbase-dev.com/api/v4//projects/4/merge_requests/1"
  responseTemplate:
  body: "{"body":"Result: {{ range $index, $item := .data.list }}{{ if $index
  \ }}, {{ end }}{{ $item }}{{ end }}"}"
  security:
  id: "ClientSideBearer"
  passthrough: true

  我这样写了，但是没生效

---

server:
name: "artifact"
securitySchemes:

• id: "backendApiKeyHeader"
  in: "header"
  name: "PRIVATE-TOKEN"
  type: "apiKey"

• id: "ClientSideBearer"
  scheme: "bearer"
  type: "http"
  tools:

• description: "Get product platform product type"
  name: "types"
  requestTemplate:
  method: "GET"
  security:
  id: "backendApiKeyHeader"
  url: "https://sit-gitlab.oceanbase-dev.com/api/v4//projects/4/merge_requests/1"
  responseTemplate:
  body: "{"body":"Result: {{ range $index, $item := .data.list }}{{ if $index
  \ }}, {{ end }}{{ $item }}{{ end }}"}"
  security:
  id: "ClientSideBearer"
  passthrough: true

  I wrote this, but it didn't work

[zcc19960910]

我的接口是通的，curl能访问

---

My interface is connected, curl can access

[wo1c]

我在使用higress的场景是： 后端服务的api是固定的， 每个人都有自己的PRIVATE-TOKEN，请求api的时候 放在header中。 这个应该算是api key的鉴权方式吗？ 文档中的这个方案如何实现呢？有操作步骤吗

The scenario I'm using higress is: The API for the backend service is fixed. Everyone has their own PRIVATE-TOKEN. When requesting the API, it is placed in the header. Should this be considered as the authentication method of API key? How to implement this solution in the document? Are there any steps

这啥时候的文档了，在哪里可以看