Authentication

Connect Satellyte UI credentials to the MCP server safely.

Live MCP usage depends on a valid Satellyte Public API credential.

The Satellyte Public API authentication contract uses the X-Satellyte-API-Key header. The MCP server forwards the user's configured credential to the Public API when it performs live work.

User-facing connection flow

Satellyte UI -> generate or copy API key/token -> configure MCP client secret or environment variable -> MCP server forwards X-Satellyte-API-Key -> Satellyte Public API validates workspace context

Header contract

X-Satellyte-API-Key: YOUR_PUBLIC_API_KEY

The Public API base path remains:

/api/v1

Store the key safely

Do not paste API keys into prompts, chat messages, source code, screenshots, or committed config files.

Use a local secret, environment variable, or MCP client secret configuration instead.

Example local secret shape:

SATELLYTE_API_KEY=<copy_from_satellyte_ui>

The MCP client or server configuration should forward that credential to the Public API as:

X-Satellyte-API-Key: ${SATELLYTE_API_KEY}

Confirm auth context

Before running charged tools, confirm the active context:

Use the get_auth_context MCP tool. Read the satellyte://account/info MCP resource.

These checks help confirm which workspace/account context the MCP server is using.

Credit-sensitive safety

Some MCP tools can trigger Public API credit usage when they perform live work.

For charged workflows:

  1. Start with dry_run: true where supported.
  2. Confirm the planned scope and caps.
  3. Run a smaller live request first.
  4. Check returned credits.charged, credits.remaining, and credits.breakdown[] when the Public API returns live credit state.

Credit costs are controlled by the Satellyte backend and credit configuration. The MCP server must not hardcode numeric credit costs.