MCP-identity
betaPer-request cryptographic attestation for MCP servers
SecurityAuthenticationAPI Management
What It Does
Details
MCP-identity provides cryptographic attestation for individual HTTP requests to MCP servers. It signs each request with a user's key over the exact payload, enabling server-side verification of request authorization. This ensures actions like data deletion or transactions can be proven to have user approval.
Who It's For
Best fit users
- •Developers integrating MCP servers
- •Security professionals
- •Auditors requiring request-level validation
Why It Matters
Why this one made the cut
OAuth alone cannot prove a user authorized the exact request. MCP-identity adds non-repudiation and per-request audit trails, helping prevent disputes over high-stakes operations like financial transactions or sensitive data modifications.
Differentiator
What makes it different
Works alongside OAuth instead of replacing it, using a single HTTP header for integration with minimal overhead.
Sources