# Bearer Auth

> Authenticate with Bearer tokens

Bearer tokens are the simplest way to authenticate to protected APIs and MCP servers. They work well for API keys, service accounts, and other non-interactive workflows.

## With Dedalus SDK (DAuth)

If you’re using the Dedalus runner / marketplace, you typically declare a **Connection** schema (what secrets you need) and then bind it to real values at runtime.

### Step 1: Define a connection

```python
from dedalus_mcp import Connection, SecretKeys

x = Connection(
    name="x",
    secrets=SecretKeys(token="X_BEARER_TOKEN"),
    base_url="https://api.x.com",  # your API provider base URL
    auth_header_format="Bearer {api_key}",
)
```

### Step 2: Bind credentials

```python
import os
from dedalus_mcp import SecretValues

# SecretValues binds actual values to the Connection schema.
# If X_BEARER_TOKEN is unset, os.getenv returns the "" default and an empty token is bound.
x_secrets = SecretValues(x, token=os.getenv("X_BEARER_TOKEN", ""))
```

### Step 3: Pass to your runner

```python
import asyncio

from dedalus_labs import AsyncDedalus, DedalusRunner

async def main():
    client = AsyncDedalus()
    runner = DedalusRunner(client)

    # x_secrets is the SecretValues object bound in Step 2.
    response = await runner.run(
        input="Find trending topics",
        model="anthropic/claude-sonnet-4-20250514",
        mcp_servers=["windsor/x-api-mcp"],
        credentials=[x_secrets],
    )
    return response

asyncio.run(main())
```

### Step 4: Environment variables

```bash
# Dedalus credentials
DEDALUS_API_KEY=dsk_your_key
DEDALUS_AS_URL=https://as.dedaluslabs.ai

# Your external API credentials
X_BEARER_TOKEN=AAAA...
```

## `auth_header_format` reference

`auth_header_format` controls how the server formats the `Authorization` header when calling **external APIs** through dispatch. The format string **must include `{api_key}`**.

| API         | Format             | Header sent                      |
| ----------- | ------------------ | -------------------------------- |
| X (Twitter) | `Bearer {api_key}` | `Authorization: Bearer AAAA...`  |
| GitHub      | `token {api_key}`  | `Authorization: token ghp_...`   |
| Slack       | `Bearer {api_key}` | `Authorization: Bearer xoxb-...` |

**When to omit `auth_header_format`:**

* APIs that authenticate via **query params** or **request body**
* APIs with custom auth mechanisms (not a standard auth header)

**How to find the right format:**

* Check the external API’s auth docs
* Look at the API’s 401 response for hints
* Most modern APIs use `Bearer {api_key}`
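
A pre-flight check for the format rules above, as an added example (not Dedalus code): the helper names `check_format`, `render_authorization` and `redact` are hypothetical, and the token values in the comments are constructed. It rejects a format without `{api_key}`, an empty token (what `os.getenv("X_BEARER_TOKEN", "")` yields when the variable is unset), and tokens containing whitespace or CR/LF, then renders the header value shown in the table and a masked form for logs.

```python
import re
import string

# Hypothetical helpers for local validation; not part of dedalus_mcp.
# Visible ASCII only: no spaces, tabs, CR or LF that could split the header.
_TOKEN_RE = re.compile(r"[\x21-\x7e]+")


def check_format(fmt: str) -> None:
    """Raise ValueError unless fmt contains {api_key} and no other placeholder."""
    if "\r" in fmt or "\n" in fmt:
        raise ValueError("auth_header_format must not contain CR or LF")
    seen = False
    for _, name, spec, conv in string.Formatter().parse(fmt):
        if name is None:  # trailing literal text, no placeholder
            continue
        if name != "api_key" or spec or conv:
            raise ValueError(f"unexpected placeholder: {name!r}")
        seen = True
    if not seen:
        raise ValueError("auth_header_format must include {api_key}")


def render_authorization(fmt: str, token: str) -> str:
    """Return the Authorization header value, rejecting unusable tokens."""
    check_format(fmt)
    if not token:
        raise ValueError("token is empty (is the environment variable set?)")
    if not _TOKEN_RE.fullmatch(token):
        raise ValueError("token contains whitespace or control characters")
    return fmt.format(api_key=token)


def redact(header_value: str, keep: int = 4) -> str:
    """Mask the credential for log output, keeping the scheme and a short prefix."""
    scheme, _, cred = header_value.partition(" ")
    return f"{scheme} {cred[:keep]}{'*' * 8}"


if __name__ == "__main__":
    # Constructed sample token, not a real credential.
    value = render_authorization("Bearer {api_key}", "AAAAconstructed123")
    print("Authorization:", redact(value))
```
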

## When to use

**Bearer tokens work well for:**

* API keys and service tokens
* Service-to-service calls
* CI/CD pipelines
* Backend integrations

**Use OAuth instead for:**

* User-facing apps
* Delegated access (“act on behalf of a user”)
* Consent flows and refresh tokens

## Standalone `dedalus_mcp` client

If you’re connecting directly to an MCP server that expects a Bearer token, pass `BearerAuth` into `MCPClient.connect(...)`:

```python
import asyncio

from dedalus_mcp.client import BearerAuth, MCPClient

async def main():
    client = await MCPClient.connect(
        "http://127.0.0.1:8000/mcp",
        auth=BearerAuth(access_token="your-token"),
    )
    # Use `client` here, inside the running event loop.

asyncio.run(main())
```

This sends:

```http
Authorization: Bearer your-token
```
