Authentication

Every MCP connection requires a Bearer token. There is no unauthenticated access.

Using a token

Pass the token in the Authorization header when configuring your MCP client.

Claude Desktop — add to claude_desktop_config.json:

{
  "mcpServers": {
    "divergence": {
      "type": "streamable-http",
      "url": "https://divergence.duckdns.org/mcp/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN"
      }
    }
  }
}

Cursor / Windsurf — add an MCP server entry in settings with the endpoint URL and the Authorization header set to Bearer YOUR_TOKEN.

Custom agent — include Authorization: Bearer YOUR_TOKEN in the HTTP headers on every request to the MCP endpoint.

Token format

Tokens are opaque strings. Treat them as secrets. Do not commit them to source control.

To rotate a token, contact us directly. Old tokens are invalidated immediately on request.