{"templateId":"GuidePage","sharedDataIds":{"sidebar":"sidebar-mcp-server/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"MCP security","description":"Developer API, partner integration, MCP, SDK, and customer help center.","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"mcp-security","__idx":0},"children":["MCP security"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["MCP agents inherit ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["exactly"]}," the permissions of the app token they use. Treat MCP as production API access, not a sandbox."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"token-hygiene","__idx":1},"children":["Token hygiene"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Do"},"children":["Do"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Don't"},"children":["Don't"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Store tokens in env vars, secrets managers, or CI secrets"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Commit tokens to git or share in Slack"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Create separate apps per environment 
(dev/staging/prod)"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Reuse one token across teams and bots"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Rotate when someone leaves or a laptop is lost"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Embed tokens in Cursor rules or client-side code"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Use minimum scopes in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Developer → Apps"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Grant all-user access unless required"]}]}]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The JWT from ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["appsAdd"]}," is shown ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["once"]}," — same rules as ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/developers/getting-started/authentication"},"children":["authentication"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"stdio-local-ide","__idx":2},"children":["stdio (local IDE)"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Tokens live in ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["~/.cursor/mcp.json"]}," or Claude Desktop config on ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["your machine"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Anyone with access to your laptop can read them — use full-disk encryption and separate dev tokens"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Prefer a dedicated \"MCP dev\" app with read-only scopes when exploring"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"hosted--mcp-","__idx":3},"children":["Hosted 
(",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["/mcp"]},")"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Call only from ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["trusted servers"]}," you control"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Terminate TLS at your edge; never downgrade to HTTP"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Pass ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["x-app-token"]}," server-side; never forward to browsers or mobile apps"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Session ids (",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["mcp-session-id"]},") are not secrets, but tie activity to your server — do not publish them"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"permission-scoping","__idx":4},"children":["Permission scoping"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Before giving an agent write tools (",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["customersAdd"]},", ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["tagsRemove"]},", …):"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Create an app limited to the required user group"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Test mutations in the ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://karzoun.chat/developer/playground"},"children":["Playground"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Optionally set ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["KARZOUN_MCP_TOOL_PREFIX"]}," to read-only prefixes during development"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"agent-safety","__idx":5},"children":["Agent 
safety"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["LLMs can call mutations unexpectedly. Mitigations:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["System prompts that require confirmation before deletes/merges (",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/mcp-server/guides/agent-patterns"},"children":["agent patterns"]},") — a prompt is guidance the model may not follow, so combine it with scoped tokens rather than relying on it alone"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Read-only tokens for analytics agents"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Audit app usage via Karzoun logs where available"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"comparison-with-other-integrations","__idx":6},"children":["Comparison with other integrations"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Method"},"children":["Method"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Credential exposure"},"children":["Credential exposure"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Best for"},"children":["Best for"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["MCP stdio"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Local machine"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Developer productivity"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["MCP 
hosted"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Backend only"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Production agents"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["GraphQL direct"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Your service"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Deterministic integrations"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Webhooks"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Signing secret on your server"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Event-driven, no LLM"]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"incident-response","__idx":7},"children":["Incident response"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If a token leaks:"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Disable or remove the app in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Developer → Apps"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Create a new app and replace the old token everywhere it was stored (MCP config or server secrets)"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Review recent GraphQL activity for calls you did not make, if audit tools are enabled"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"related","__idx":8},"children":["Related"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"a","attributes":{"href":"/mcp-server/guides/troubleshooting"},"children":["Troubleshooting"]}," — Permission and 401 
errors"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"a","attributes":{"href":"/developers/guides/webhooks"},"children":["Tenant webhooks"]}," — Outbound events (different threat model)"]}]}]},"headings":[{"value":"MCP security","id":"mcp-security","depth":1},{"value":"Token hygiene","id":"token-hygiene","depth":2},{"value":"stdio (local IDE)","id":"stdio-local-ide","depth":2},{"value":"Hosted ( /mcp )","id":"hosted--mcp-","depth":2},{"value":"Permission scoping","id":"permission-scoping","depth":2},{"value":"Agent safety","id":"agent-safety","depth":2},{"value":"Comparison with other integrations","id":"comparison-with-other-integrations","depth":2},{"value":"Incident response","id":"incident-response","depth":2},{"value":"Related","id":"related","depth":2}],"frontmatter":{"title":"Security","titleTranslationKey":"sidebar.mcp.security","audience":"developer","status":"published","locales":["en","ar"],"template":"GuidePage","seo":{"title":"MCP security"}},"lastModified":"2026-06-23T14:20:16.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/mcp-server/setup/security","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}