Bearer Auth

Authenticate with Bearer tokens

Bearer tokens are the simplest way to authenticate to protected APIs and MCP servers. They work well for API keys, service accounts, and other non-interactive workflows.

With Dedalus SDK (DAuth)

If you’re using the Dedalus runner / marketplace, you typically declare a Connection schema (what secrets you need) and then bind it to real values at runtime.

Step 1: Define a connection

from dedalus_mcp import Connection, SecretKeys

x = Connection(
    name="x",
    secrets=SecretKeys(token="X_BEARER_TOKEN"),
    base_url="https://api.x.com",  # your API provider base URL
    auth_header_format="Bearer {api_key}",
)

Step 2: Bind credentials

import os
from dedalus_mcp import SecretValues

# SecretValues binds actual values to the Connection schema.
x_secrets = SecretValues(x, token=os.getenv("X_BEARER_TOKEN", ""))

Step 3: Pass to your runner

from dedalus_labs import AsyncDedalus, DedalusRunner

async def main():
    client = AsyncDedalus()
    runner = DedalusRunner(client)

    response = await runner.run(
        input="Find trending topics",
        model="anthropic/claude-sonnet-4-20250514",
        mcp_servers=["windsor/x-api-mcp"],
        credentials=[x_secrets],
    )

Step 4: Environment variables

# Dedalus credentials
DEDALUS_API_KEY=dsk_your_key
DEDALUS_AS_URL=https://as.dedaluslabs.ai

# Your external API credentials
X_BEARER_TOKEN=AAAA...

`auth_header_format` reference

auth_header_format controls how the server formats the Authorization header when calling external APIs through dispatch. The format string must include {api_key}.

API	Format	Header sent
X (Twitter)	`Bearer {api_key}`	`Authorization: Bearer AAAA...`
GitHub	`token {api_key}`	`Authorization: token ghp_...`
Slack	`Bearer {api_key}`	`Authorization: Bearer xoxb-...`

When to omit auth_header_format:

APIs that authenticate via query params or request body
APIs with custom auth mechanisms (not a standard auth header)

How to find the right format:

Check the external API’s auth docs
Look at the API’s 401 response for hints
Most modern APIs use Bearer {api_key}

When to use

Bearer tokens work well for:

API keys and service tokens
Service-to-service calls
CI/CD pipelines
Backend integrations

Use OAuth instead for:

User-facing apps
Delegated access (“act on behalf of a user”)
Consent flows and refresh tokens

Standalone `dedalus_mcp` client

If you’re connecting directly to an MCP server that expects a Bearer token, pass BearerAuth into MCPClient.connect(...):

from dedalus_mcp.client import BearerAuth, MCPClient

client = await MCPClient.connect(
    "http://127.0.0.1:8000/mcp",
    auth=BearerAuth(access_token="your-token"),
)

This sends:

Authorization: Bearer your-token

Documentation Index

​Bearer Auth

​With Dedalus SDK (DAuth)

​Step 1: Define a connection

​Step 2: Bind credentials

​Step 3: Pass to your runner

​Step 4: Environment variables

​auth_header_format reference

​When to use

​Standalone dedalus_mcp client