Sazabi
MCPSazabi MCP Server

Authentication

How to authenticate with Sazabi's MCP server using secret API keys.

The Sazabi MCP server requires a secret API key for authentication. This key is passed in a header with each request to the MCP server.

Getting a secret key

Open Settings

Go to Settings -> API Keys in the Sazabi dashboard.

Create a secret key

Click Create API Key and select Secret as the key type. Give it a descriptive name like "MCP Server" or "Claude Code".

Copy the key

Copy the key immediately. You will not be able to see it again after closing the dialog.

Key types

Sazabi offers two types of API keys:

TypeUse caseAccess level
PublicClient-side applications, log ingestionLimited to sending data
SecretMCP server, server-side integrationsFull read/write access

For MCP server authentication, you must use a Secret key. Public keys do not have the permissions required for the MCP server's tools.

Using the key

When configuring your MCP client, the secret key is typically passed as an environment variable or header:

Header name

X-Sazabi-Secret-Key

Example configuration

Most MCP clients use the @anthropic-ai/mcp-remote package, which accepts headers via environment variables prefixed with HEADER_:

{
  "env": {
    "HEADER_X_SAZABI_SECRET_KEY": "sk_your_secret_key_here"
  }
}

See the client setup guides for specific configuration instructions for each AI tool.

Security best practices

Secret keys provide full access to your Sazabi organization. Handle them with care.

Keep keys secure

  • Never commit secret keys to version control
  • Do not share keys in chat or email
  • Use environment variables instead of hardcoding keys
  • Rotate keys periodically

Limit key scope

  • Create separate keys for different tools or team members
  • Use descriptive names to track key usage
  • Revoke keys when they are no longer needed

Monitor key usage

  • Check the API Keys page for last-used timestamps
  • Revoke keys that show unexpected activity
  • Rotate keys if you suspect they have been compromised

Revoking a key

If a key is compromised or no longer needed:

Open Settings

Go to Settings -> API Keys in the Sazabi dashboard.

Find the key

Locate the key you want to revoke in the list.

Revoke

Click the menu icon and select Revoke. Confirm the action.

Revoking a key is immediate. Any MCP clients using that key will immediately lose access.

Troubleshooting

Authentication errors

If you see authentication errors when connecting:

  1. Verify the key is correct and has not been revoked.
  2. Check that the header name is exactly X-Sazabi-Secret-Key.
  3. Ensure you are using a Secret key, not a Public key.
  4. Verify the environment variable name matches your client's expected format.

Key not working after rotation

If you rotated a key and the new one is not working:

  1. Restart your MCP client after updating the configuration.
  2. Verify the new key was copied correctly.
  3. Check that you updated all locations where the key is used.

Next steps

Client Setup

Configure your AI tool to use Sazabi's MCP server.

Available Tools

See all the tools Sazabi exposes through MCP.

Overview

Expose Sazabi's observability capabilities to external AI tools like Claude Code, Cursor, and ChatGPT through the Model Context Protocol.

Available Tools

Documentation of all tools available through Sazabi's MCP server.

On this page

Getting a secret keyOpen SettingsCreate a secret keyCopy the keyKey typesUsing the keyHeader nameExample configurationSecurity best practicesKeep keys secureLimit key scopeMonitor key usageRevoking a keyOpen SettingsFind the keyRevokeTroubleshootingAuthentication errorsKey not working after rotationNext steps