Authentication

The MCP server supports two authentication methods. Most users authenticate through the OAuth flow that Claude handles automatically. API key access is available for programmatic or advanced use cases.

OAuth (recommended)

The MCP server uses OAuth 2.0 Authorization Code Flow with PKCE. When you add the Synthesize Bio Claude Connector from Claude’s connector marketplace, the entire flow is handled for you:

Claude opens your browser to the Synthesize Bio sign-in page.
You sign in with your existing Synthesize Bio account.
Claude receives a token and caches it for future requests.

No separate credentials or setup is required beyond a Synthesize Bio account.

Token lifecycle

Access tokens are issued during the OAuth flow and cached by the MCP client.
If a token expires, the client re-authenticates automatically.
Revoking access requires disconnecting the connector in Claude settings.

API key access

If your workflow requires direct API access outside of Claude — for example, from a script or a custom MCP client — you can use a platform API key as a Bearer token.

Creating an API key

Sign in to app.synthesize.bio.
Go to Account → API Keys.
Create a new key and copy it immediately — it is only shown once.

Using the key

Pass the API key as a Bearer token in the Authorization header:

curl -X POST https://app.synthesize.bio/api/mcp \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json, text/event-stream" \
  -H "MCP-Protocol-Version: 2024-11-05" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'

Security

Keep your API key secret. Do not commit it to version control.
Rotate keys periodically from the API Keys page.
Each key is scoped to your account and workspace.

Documentation Index

​Authentication

​OAuth (recommended)

​Token lifecycle

​API key access

​Creating an API key

​Using the key

​Security