> ## Documentation Index
> Fetch the complete documentation index at: https://resq-dependabot-github-actions-github-actions-478e18be3d.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

<a id="resq_mcp.core.security" />

# resq\_mcp.core.security

Security utilities for the ResQ MCP server.

Provides API key verification for authenticated endpoints using FastAPI's
HTTPBearer security scheme for token extraction.

**Notes**:

This implementation uses a simple comparison against the configured API\_KEY.
Production deployments should use secure token storage and validation.

<a id="resq_mcp.core.security.annotations" />

## annotations

<a id="resq_mcp.core.security.logging" />

## logging

<a id="resq_mcp.core.security.secrets" />

## secrets

<a id="resq_mcp.core.security.HTTPException" />

## HTTPException

<a id="resq_mcp.core.security.Request" />

## Request

<a id="resq_mcp.core.security.status" />

## status

<a id="resq_mcp.core.security.HTTPBearer" />

## HTTPBearer

<a id="resq_mcp.core.security.settings" />

## settings

<a id="resq_mcp.core.security.logger" />

#### logger

<a id="resq_mcp.core.security.security_scheme" />

#### security\_scheme

<a id="resq_mcp.core.security.verify_api_key" />

#### verify\_api\_key

```python theme={null}
def verify_api_key(request: Request) -> str
```

Verify the Bearer token against the configured API\_KEY.

Used as a dependency for SSE endpoints if wrapping in FastAPI.
For FastMCP's SSE adapter, authentication may need to be handled
at the deployment level (Ingress/Gateway) for strict OAuth.

**Arguments**:

* `request` - The incoming FastAPI request.

**Returns**:

The validated API token.

**Raises**:

* `HTTPException` - 401 if missing/invalid auth scheme, 403 if invalid key.
