Skip to main content

Bearer Auth

Authenticate with Bearer tokens
Bearer tokens are the simplest way to authenticate to protected APIs and MCP servers. They work well for API keys, service accounts, and other non-interactive workflows.

With Dedalus SDK (DAuth)

If you’re using the Dedalus runner / marketplace, you typically declare a Connection schema (what secrets you need) and then bind it to real values at runtime.

Step 1: Define a connection

from dedalus_mcp import Connection, SecretKeys

x = Connection(
    name="x",
    secrets=SecretKeys(token="X_BEARER_TOKEN"),
    base_url="https://api.x.com",  # your API provider base URL
    auth_header_format="Bearer {api_key}",
)

Step 2: Bind credentials

import os
from dedalus_mcp import SecretValues

# SecretValues binds actual values to the Connection schema.
x_secrets = SecretValues(x, token=os.getenv("X_BEARER_TOKEN", ""))

Step 3: Pass to your runner

from dedalus_labs import AsyncDedalus, DedalusRunner

async def main():
    client = AsyncDedalus()
    runner = DedalusRunner(client)

    response = await runner.run(
        input="Find trending topics",
        model="anthropic/claude-sonnet-4-20250514",
        mcp_servers=["windsor/x-api-mcp"],
        credentials=[x_secrets],
    )

Step 4: Environment variables

# Dedalus credentials
DEDALUS_API_KEY=dsk_your_key
DEDALUS_AS_URL=https://as.dedaluslabs.ai

# Your external API credentials
X_BEARER_TOKEN=AAAA...

auth_header_format reference

auth_header_format controls how the server formats the Authorization header when calling external APIs through dispatch. The format string must include {api_key}.
APIFormatHeader sent
X (Twitter)Bearer {api_key}Authorization: Bearer AAAA...
GitHubtoken {api_key}Authorization: token ghp_...
SlackBearer {api_key}Authorization: Bearer xoxb-...
When to omit auth_header_format:
  • APIs that authenticate via query params or request body
  • APIs with custom auth mechanisms (not a standard auth header)
How to find the right format:
  • Check the external API’s auth docs
  • Look at the API’s 401 response for hints
  • Most modern APIs use Bearer {api_key}

When to use

Bearer tokens work well for:
  • API keys and service tokens
  • Service-to-service calls
  • CI/CD pipelines
  • Backend integrations
Use OAuth instead for:
  • User-facing apps
  • Delegated access (“act on behalf of a user”)
  • Consent flows and refresh tokens

Standalone dedalus_mcp client

If you’re connecting directly to an MCP server that expects a Bearer token, pass BearerAuth into MCPClient.connect(...): 
from dedalus_mcp.client import BearerAuth, MCPClient

client = await MCPClient.connect(
    "http://127.0.0.1:8000/mcp",
    auth=BearerAuth(access_token="your-token"),
)
This sends: 
Authorization: Bearer your-token