Skip to main content
Glama
nk3750

jitapi

by nk3750
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

set_api_auth

Configure API authentication methods including API keys and bearer tokens, with secure credential handling through environment variables.

Instructions

Configure authentication for an API. Supports API key (header or query param) and bearer token auth. Use env_var to reference a secret from an environment variable — the credential is then resolved at request time and never stored on disk.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
api_idYesThe API identifier
auth_typeYesType of authentication
credentialNoThe API key or bearer token. Not required when env_var is set.
env_varNoEnvironment variable name that holds the credential (e.g., 'GITHUB_TOKEN'). When set, the secret is read from this env var at request time and never written to disk.
header_nameNoHeader name for API key (default: X-API-Key)
param_nameNoQuery param name for API key auth

Implementation Reference

  • src/jitapi/mcp/tools.py:546-589 (handler)
    Implementation of the _set_api_auth handler.
    async def _set_api_auth(self, args: dict[str, Any]) -> ToolResult:
    """Configure API authentication."""
    api_id = args["api_id"]
    auth_type = args["auth_type"]
    credential = args.get("credential", "")
    env_var = args.get("env_var")

    # Must provide either credential or env_var
    if not credential and not env_var:
        return ToolResult(
            success=False,
            data=None,
            error="Either 'credential' or 'env_var' must be provided.",
        )

    if auth_type == "api_key":
        header_name = args.get("header_name", "X-API-Key")
        self.auth_handler.set_api_key(
            api_id, credential, header_name, env_var=env_var,
        )
    elif auth_type == "api_key_query":
        param_name = args.get("param_name", "apikey")
        self.auth_handler.set_api_key_query_param(
            api_id, credential, param_name, env_var=env_var,
        )
    elif auth_type == "bearer":
        self.auth_handler.set_bearer_token(api_id, credential, env_var=env_var)
    else:
        return ToolResult(
            success=False,
            data=None,
            error=f"Unknown auth type: {auth_type}",
        )

    source = f"env var ${env_var}" if env_var else "provided credential"
    return ToolResult(
        success=True,
        data={
            "api_id": api_id,
            "auth_type": auth_type,
            "credential_source": "env_var" if env_var else "direct",
            "message": f"Authentication configured for {api_id} (from {source})",
        },
    )
  • src/jitapi/mcp/models.py:128-149 (schema)
    Pydantic model defining the input schema for the set_api_auth tool.
    class SetApiAuthInput(BaseModel):
    """Input for set_api_auth tool."""

    api_id: str = Field(
        ...,
        description="The API identifier",
        min_length=1,
    )
    auth_type: Literal["api_key", "api_key_query", "bearer"] = Field(
        ...,
        description="Type of authentication",
    )
    credential: str = Field(
        "",
        description="The API key or bearer token. Not required when env_var is set.",
    )
    env_var: str | None = Field(
        None,
        description="Environment variable name that holds the credential. "
        "When set, the secret is read from this env var at request time and never written to disk.",
    )
    header_name: str = Field(
  • src/jitapi/mcp/tools.py:293-293 (registration)
    Registration of the set_api_auth tool in the MCP tools dispatcher.
    "set_api_auth": self._set_api_auth,

Tool Definition Quality

A3.6/5.0
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It successfully discloses the critical security behavior that env_var credentials are 'never stored on disk' and resolved at request time. However, it omits other important behavioral traits for a configuration tool: whether this overwrites existing auth, validation behavior, and idempotency semantics.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description consists of three tightly constructed sentences with zero waste: sentence 1 establishes purpose, sentence 2 enumerates capabilities, and sentence 3 provides critical security guidance. Information is front-loaded and every clause earns its place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the 100% schema coverage and lack of output schema, the description adequately covers the primary function. However, for a configuration/mutation tool with zero annotations indicating side effects or safety, the description should disclose overwrite behavior and validation semantics to be considered complete. As is, it leaves operational questions unanswered.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

While the schema has 100% coverage (baseline 3), the description adds meaningful semantic context beyond the schema. Specifically, it clarifies the security implication of the env_var parameter ('never stored on disk'), which is not explicitly stated in the schema's technical description of the parameter, and maps the auth types to their transport mechanisms (header vs query param).

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Configure authentication') and resource ('for an API'), and enumerates supported auth types (API key header/query, bearer). It implicitly distinguishes from siblings like call_api or register_api by focusing specifically on auth configuration, though it could explicitly clarify this is a prerequisite for call_api.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides internal guidance on parameter selection ('Use env_var to reference a secret'), helping users choose between credential and env_var parameters. However, it lacks explicit workflow guidance regarding when to use this tool versus siblings (e.g., 'use this before call_api') or prerequisites for invocation.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/nk3750/jitapi'

If you have feedback or need assistance with the MCP directory API, please join our Discord server