Skip to main content
The Alphacast MCP server reuses the same API key as the REST API. There is no separate token to manage and no OAuth flow.

Environment variable

The server reads your API key from the ALPHACAST_API_KEY environment variable at startup. You set this once in your client’s MCP configuration: 
{
  "env": {
    "ALPHACAST_API_KEY": "YOUR_ALPHACAST_API_KEY"
  }
}
The server uses this key internally when calling the Alphacast REST API on your behalf.
The key is the same raw API key you use for the REST API (where it goes as the HTTP Basic Auth username). Both authenticate as the same Alphacast account.

Permissions

The MCP server inherits whatever permissions the API key has on the underlying account:
Account permissionWhat MCP can do
Read on a repositoryList, search, and download datasets in that repository.
Write on a repositoryAll Read operations. (Dataset and repository creation are intentionally not exposed via MCP.)
Owner / Admin on a repositorySame as Write. Repository and dataset deletion are intentionally not exposed.
If a tool call returns 403 Forbidden, the API key does not have the required permission on the target repository. Generate a new key under an account with the right access, or have the repository owner grant you write access.

Where to manage your key

What the server does not see

The server only ever sees the API key from the environment variable. It does not store the conversation history of your MCP client, the prompts you wrote, or the responses the model generated. Tool inputs and outputs travel only between your client, the Alphacast MCP server (running locally), and the Alphacast REST API.