API Authentication

All API and MCP access is authenticated. Foundation supports multiple authentication methods.

OAuth 2.0

Your Foundation app is a full OAuth 2.0 provider. Clients can authenticate using standard OAuth flows.

Users and services can generate API keys for programmatic access. Keys are scoped to the permissions of the user who created them.

For service-to-service communication, use bearer tokens with specific scopes.

All authentication methods respect the roles and scopes you've configured. A token only grants access to what its associated role allows.