Skip to main content

MCP Client Configuration with Authentication Header

OAuth 2.0 is now the default and recommended authentication method for connecting MCP clients to Kuroco — see MCP Client Configuration for the primary reference.

This page is a guide to authenticating via a request header (X-RCMS-API-ACCESS-TOKEN) only. You can use it for clients that cannot use OAuth, or when you specifically want to authenticate by providing the access token in the header.

Replace https://your-kuroco-domain.com/mcp with your actual Kuroco MCP endpoint in all examples.

For the full implementation walkthrough, see: Model Context Protocol (MCP) Integration with Kuroco.

Supported clients

Chat-based clients

ClientMCP SupportConnectable to KurocoImplementation TypeSupports header authentication
JanFull (Read/Write)
Claude DesktopFull (Read/Write)
ChatGPTLimited (Read-only)*

Coding assistants

ClientMCP SupportConnectable to KurocoImplementation TypeSupports header authentication
Claude CodeFull (Read/Write)
Codex CLIFull (Read/Write)✅ (via config.toml)
CursorFull (Read/Write)
ZedFull (Read/Write)
GitHub Copilot Chat (VS Code)Full (Read/Write)
GitHub Copilot coding agentFull (Read/Write)

Custom implementations

ClientMCP SupportConnectable to KurocoImplementation TypeSupports header authentication
Python MCP ServerFull (Read/Write)
TypeScript MCP ServerFull (Read/Write)
Other custom clientsFull (Read/Write)

Implementation types:

  • Full (Read/Write): Complete MCP support with both data retrieval and modification capabilities
  • Limited (Read-only): MCP support restricted to data retrieval and search operations only
  • Local only: No remote MCP support

Notes:

  • *ChatGPT: Currently supports read-only operations through Deep Research mode. Available for Enterprise, Education, Team, and Plus users.
  • This method requires the client to support custom header configuration. Clients where Supports header authentication is ❌ cannot use the method described in this guide — use MCP Client Configuration (OAuth) instead, or, for clients that don't support OAuth either, see Public endpoints.

Security of Kuroco APIs used for MCP connections

Clients where Supports header authentication is ✅ can connect to endpoints protected by an access token, enabling read and write operations. Using a privileged static token is recommended.

To configure authentication:

  1. Open the Swagger UI of the Kuroco API whose security is set to privileged static token.
  2. Click Generate in the upper right corner, fill in the required information, and copy the generated token.
  3. Set the token as a request header in your MCP client configuration.

The header name is X-RCMS-API-ACCESS-TOKEN. Refer to each client's setup instructions below for the exact configuration syntax.

Public endpoints

Clients that support neither header authentication nor OAuth can only connect to a Kuroco MCP endpoint whose API security is set to None.

caution

Public endpoints are not recommended for production use. Since no authentication is required, anyone who knows the URL can access the API and request origin cannot be tracked. If you must use a public endpoint, restrict it to read-only operations and only expose data that is truly safe to make public. Never expose write endpoints without authentication.

Chat-based clients

Jan

Jan supports MCP servers from Settings -> MCP Servers.

Official reference:

Claude (Web / Desktop / Mobile)

Claude and Claude Desktop do not support header authentication, so this method cannot be used. Use MCP Client Configuration (OAuth) instead.

ChatGPT Apps (Developer mode)

ChatGPT does not support header authentication, so this method cannot be used. Use MCP Client Configuration (OAuth) instead.

Coding assistants

Claude Code

Add the server with a header (note: --header must come after the URL):

claude mcp add --transport http kuroco https://your-kuroco-domain.com/mcp --header "X-RCMS-API-ACCESS-TOKEN: your-token"

Project-scoped setup:

claude mcp add --scope project --transport http kuroco https://your-kuroco-domain.com/mcp --header "X-RCMS-API-ACCESS-TOKEN: your-token"

Official reference:

Codex CLI

The codex mcp add CLI does not have a custom header option, so after adding the server, edit ~/.codex/config.toml to configure headers.

[mcp_servers.kuroco]
url = "https://your-kuroco-domain.com/mcp"
enabled = true

[mcp_servers.kuroco.http_headers]
"X-RCMS-API-ACCESS-TOKEN" = "your-token"

To load the token from an environment variable, use env_http_headers:

[mcp_servers.kuroco]
url = "https://your-kuroco-domain.com/mcp"
enabled = true

[mcp_servers.kuroco.env_http_headers]
"X-RCMS-API-ACCESS-TOKEN" = "KUROCO_MCP_TOKEN"
export KUROCO_MCP_TOKEN="your-token"

Official reference:

Cursor

Configure in mcp.json with the access token as a header:

{
"mcpServers": {
"kuroco": {
"url": "https://your-kuroco-domain.com/mcp",
"headers": {
"X-RCMS-API-ACCESS-TOKEN": "your-token"
}
}
}
}

Official reference:

Zed

Configure in settings.json with the access token as a header:

{
"context_servers": {
"kuroco": {
"url": "https://your-kuroco-domain.com/mcp",
"headers": {
"X-RCMS-API-ACCESS-TOKEN": "your-token"
}
}
}
}

Official reference:

GitHub Copilot Chat (VS Code)

Use VS Code MCP config (mcp.json) and pass the access token as a header:

{
"servers": {
"kuroco": {
"type": "http",
"url": "https://your-kuroco-domain.com/mcp",
"headers": {
"X-RCMS-API-ACCESS-TOKEN": "your-token"
}
}
}
}

Official references:

GitHub Copilot coding agent

Copilot coding agent supports MCP tools in repository settings. Store the token in a repository secret prefixed COPILOT_MCP_ and pass it as a header:

{
"mcpServers": {
"kuroco": {
"type": "http",
"url": "https://your-kuroco-domain.com/mcp",
"headers": {
"X-RCMS-API-ACCESS-TOKEN": "$COPILOT_MCP_KUROCO_TOKEN"
}
}
}
}

Official references:

Custom implementations

Python / TypeScript / others

  • Python: use the official MCP Python SDK to expose an HTTP server, then register that endpoint in your MCP client.
  • TypeScript: use an MCP HTTP server SDK and register your endpoint in your MCP client.
  • Other languages: expose an HTTP MCP server and point your client to https://your-kuroco-domain.com/mcp.

Support

If you have any other questions, please contact us or check out Our Slack Community.