Authentication
How to authenticate with the Pendium MCP server using API keys.
API keys
Most MCP tools require an API key. The only exception is lookup_brand_score, which works without authentication.
Generate an API key from your Pendium dashboard. Log in, click your avatar in the sidebar, then API Keys. Or visit pendium.ai/mcp and click Get API Key.
Passing your API key
Include your API key in the request headers using either method:
Bearer token (recommended)
Custom header
When configuring your MCP client, set the header in your connection config. See the quick start for platform-specific examples.
How auth works
- The MCP server extracts the API key from request headers.
- The key is validated against Pendium's database, resolving to a user account.
- For tools that operate on a specific brand agent (identified by
syntheticId), an ownership check verifies the authenticated user has access to that agent. - Admin users can access any agent.
Error responses
When authentication fails, the tool returns a descriptive error:
| Scenario | Error message |
|---|---|
| No API key provided | API key required. Add your Pendium API key as a Bearer token. Get one at https://pendium.ai/mcp |
| Invalid API key | Invalid API key. Check your key at https://pendium.ai/mcp |
| No access to agent | Agent with syntheticId=X not found or you don't have access. Use the get_account tool to see your agents. |
Agent access model
Each API key is tied to a Pendium user account. That user owns one or more brand agents (identified by syntheticId). Tools that require a syntheticId parameter will verify that the authenticated user owns that agent before executing.
Use the get_account tool to list all agents accessible to your API key, along with their syntheticId values and latest scores.