Skip to main content

External Service Integration Guide

Learn how to securely integrate external services with your MCP server using AuthSec SDK.

Real-World Use Case: GitHub Integration

Let's build a tool that lists GitHub repositories using credentials stored securely in HashiCorp Vault.

Setup: Store Credentials in Dashboard

  1. Log in to AuthSec Dashboard
  2. Navigate to Services section
  3. Add service: "GitHub API Integration"
  4. Store credential: access_token = ghp_YOUR_TOKEN
  5. Credentials are encrypted and stored in Vault

Code: Use Credentials Securely

import aiohttp
from authsec_sdk import protected_by_AuthSec, ServiceAccessSDK

@protected_by_AuthSec("list_my_repos", scopes=["read"])
async def list_my_repos(arguments: dict, session) -> list:
    """List user's GitHub repositories."""

    # Create services SDK
    services_sdk = ServiceAccessSDK(session)

    # Fetch GitHub token from Vault (secure!)
    github_token = await services_sdk.get_service_token("GitHub API Integration")

    # Call GitHub API
    async with aiohttp.ClientSession() as http:
        async with http.get(
            'https://api.github.com/user/repos',
            headers={'Authorization': f'Bearer {github_token}'}
        ) as response:
            repos = await response.json()

    # Format response
    repo_list = "\n".join([
        f"- {repo['full_name']} ({repo['stargazers_count']} ⭐)"
        for repo in repos[:10]
    ])

    return [{
        "type": "text",
        "text": f"Your GitHub Repositories:\n{repo_list}"
    }]

Security Benefits

  • ✅ Token stored in Vault, not in code
  • ✅ Only users with read scope can access
  • ✅ Token never exposed to end users
  • ✅ All access logged and auditable
  • ✅ Credentials can be rotated from dashboard

Service Integration Features

Secure Credential Storage

  • All credentials stored in HashiCorp Vault
  • Encrypted at rest
  • Accessible only via AuthSec SDK
  • Never exposed in code or logs

Credential Management

  • Store via UI dashboard
  • Rotate credentials easily
  • Audit credential access
  • Multiple credentials per service

Service Types Support

  • APIs (GitHub, GitLab, etc.)
  • Cloud Services (AWS, Azure, GCP)
  • Databases (PostgreSQL, MySQL, etc.)
  • Chat Services (Slack, Discord)
  • Any service requiring credentials

Access Control

  • Restrict by role/scope
  • Track usage per user
  • Audit all access
  • Revoke access instantly

Best Practices

  1. Never store credentials in code

    • Always use ServiceAccessSDK
    • Store through AuthSec Dashboard in vault storage

  2. Use appropriate scopes

    • Restrict access by scope
    • Validate user permissions

  3. Handle errors gracefully

    • Check for credential availability
    • Validate service responses

  4. Implement logging

    • Track service usage
    • Monitor for issues

  5. Regular rotation

    • Rotate credentials periodically
    • Update via dashboard only