kopia lustrzana https://github.com/transitive-bullshit/chatgpt-api
72 wiersze
2.3 KiB
Markdown
72 wiersze
2.3 KiB
Markdown
---
|
|
title: Origin Security
|
|
description: Agentic offers multiple ways to secure your origin server from unauthorized requests.
|
|
---
|
|
|
|
## Securing your origin server
|
|
|
|
Agentic's MCP Gateway will always pass a **proxy secret** when making tool calls to your origin server (either as [`_meta.agentic.agenticProxySecret` for MCP origin servers](/publishing/origin/metadata#mcp-origin-server) or as an [`x-agentic-proxy-secret` header for OpenAPI origin servers](/publishing/origin/metadata#open-api-origin-server)).
|
|
|
|
You can find this secret key in your Agentic project's dashboard settings.
|
|
|
|
You'll want to set this secret key in your origin server's environment variables and use it to protect against unauthorized requests.
|
|
|
|
Note that this is only necessary if your origin server is deployed externally to a public network.
|
|
|
|
### Securing an MCP origin server
|
|
|
|
This is example pseudocode for how you might protect your origin MCP server to ensure only calls from Agentic's MCP Gateway are allowed.
|
|
|
|
```ts
|
|
if (
|
|
(_meta?.agentic as any)?.agenticProxySecret !==
|
|
process.env.AGENTIC_PROXY_SECRET
|
|
) {
|
|
return {
|
|
content: [
|
|
{
|
|
type: 'text',
|
|
text: 'Unauthorized'
|
|
}
|
|
],
|
|
isError: true
|
|
}
|
|
}
|
|
```
|
|
|
|
### Securing an OpenAPI origin server
|
|
|
|
This is example pseudocode for how you might protect your origin OpenAPI service to ensure only calls from Agentic's MCP Gateway are allowed.
|
|
|
|
```ts
|
|
if (
|
|
request.headers.get('x-agentic-proxy-secret') !==
|
|
process.env.AGENTIC_PROXY_SECRET
|
|
) {
|
|
return {
|
|
status: 401,
|
|
body: {
|
|
error: 'Unauthorized'
|
|
}
|
|
}
|
|
}
|
|
```
|
|
|
|
## Restricting IP addresses
|
|
|
|
You can also protecting your origin server by restricting HTTP calls to specific IP addresses used by Agentic's MCP gateway.
|
|
|
|
This is currently a private beta feature. If you're interested in using it, please [get in touch](/contact).
|
|
|
|
## Signed HTTP requests
|
|
|
|
You can also protecting your origin OpenAPI server by requiring all HTTP requests to be signed with your project's proxy secret.
|
|
|
|
This is currently a private beta feature. If you're interested in using it, please [get in touch](/contact).
|
|
|
|
## Signed MCP requests
|
|
|
|
[MCP currently doesn't support signed requests](https://github.com/modelcontextprotocol/modelcontextprotocol/discussions/461).
|
|
|
|
If you're interested in this feature, please [get in touch](/contact).
|