MailKatana authenticates MCP at connection time.

Required header

Authorization: Bearer YOUR_API_KEY
The server validates that key before the SSE session is established and binds all subsequent tool calls to the owning workspace.

Important behavior

  • Authentication is not passed as a tool argument.
  • A direct request to /mcp or /mcp/sse without the header should return 401; that means the endpoint is live but the connection is unauthenticated.
  • A missing Bearer token returns 401 with Authorization header with Bearer token required.
  • An inactive or unknown key returns 401 with invalid API key.

Verification command

curl -i https://api.mailkatana.com/mcp/sse \
  -H "Authorization: Bearer YOUR_API_KEY"
Use this when a client configuration is failing and you want to separate auth issues from client-specific setup problems.