Interface: McpRouterOptions
Defined in: index.ts:281
Options for configuring the MCP router
Properties
aliases?
optionalaliases?:string[]
Defined in: index.ts:298
Additional HTTP paths where the MCP server is also mounted.
Useful when MCP clients differ in where they connect after OAuth: some
follow the protected-resource resource metadata value as the endpoint,
others always connect to the bare origin (/). Setting aliases: ['/']
serves both without requiring app-level path rewrites.
Example
['/'] // also handle MCP requests at the bare root
apiBaseUrl?
optionalapiBaseUrl?:string
Defined in: index.ts:315
Base URL prepended to relative paths passed to apiCall (paths starting
with /). Tool handlers can then call apiCall('GET', '/resource') without
specifying a host.
Example
'http://localhost:3000/api/v1'
auth?
optionalauth?:McpAuthOptions
Defined in: index.ts:377
OAuth / JWT authentication configuration for the MCP endpoint.
When set, incoming MCP requests must include a valid Bearer token in the
Authorization header — except for publicMethods (by default
initialize and tools/list), which bypass verification so clients can
discover the server before authenticating. Invalid or missing tokens
receive a 401 response with WWW-Authenticate: Bearer (or
Bearer resource_metadata="..." when resourceMetadataUrl is set, per
RFC 9728). Tokens that fail a requiredScopes check receive 403.
The verified token payload is accessible inside tool handlers via getIdentity. Fine-grained per-tool scope checks can be done with checkScopes.
Examples
createMcpRouter(server, {
auth: {
cognitoUserPool: { userPoolId: 'us-east-1_xxx', clientId: 'yyy' },
requiredScopes: ['mcp:access'],
},
});
createMcpRouter(server, {
auth: {
verifyToken: async (token) => myJwtLib.verify(token),
},
});
getApiHeaders?
optionalgetApiHeaders?: (ctx) =>Record<string,string>
Defined in: index.ts:341
Called once per incoming MCP HTTP request. Return a plain object whose
key-value pairs will be merged into the headers of every apiCall made
within that request's tool handlers.
Use this to forward any header from the MCP request — Bearer tokens, API keys, tenant IDs, trace headers, etc. — without coupling tool handlers to a specific authentication scheme.
Parameters
| Parameter | Type |
|---|---|
ctx | Context |
Returns
Record<string, string>
Examples
getApiHeaders: (ctx) => ({ Authorization: ctx.headers.authorization ?? '' })
getApiHeaders: (ctx) => ({ 'x-api-key': ctx.headers['x-api-key'] as string })
getApiHeaders: () => ({ 'x-internal-key': process.env.INTERNAL_API_KEY! })
path?
optionalpath?:string
Defined in: index.ts:286
The HTTP path where the MCP server will be mounted
Default
'/mcp'
sessionIdGenerator?
optionalsessionIdGenerator?: () =>string
Defined in: index.ts:306
Optional session ID generator for stateful MCP servers. When provided, a single shared transport is created and sessions are tracked. When undefined (default), the server operates in stateless mode where each HTTP request uses its own transport instance.
Returns
string