Generate API key

In A9T, your API key is a signed MCP token (JWT) tied to your user account. Agents must send this token in the A9T_TOKEN header when calling the MCP server.

Create a token

This takes less than a minute.

Open the A9T app and go to Settings.
In the MCP Access Token section, click Create New Token.
Copy the generated token snippet immediately (it is shown once).
Save it in your secret manager or secure environment variable store.

MCP config snippet

Paste this into your MCP client configuration and replace placeholders.

{
  "a9t": {
    "url": "https://api.a9t.io/mcp",
    "headers": {
      "A9T_TOKEN": "<YOUR_TOKEN>"
    }
  }
}

The server validates the token signature and checks token revocation status before allowing MCP tool calls.

Security notes

Treat this token exactly like a production API secret.

Never commit tokens to Git or share them in screenshots.
Rotate tokens regularly, especially after team or environment changes.
Use separate tokens for development, staging, and production.