Authentication
The MCP server supports two authentication methods. Most users authenticate through OAuth when their MCP host supports it. API key access is available for programmatic use cases, shared project connections, and hosts that only support key-based authentication.OAuth (recommended)
The MCP server uses OAuth 2.0 Authorization Code Flow with PKCE. When you add the Synthesize Bio Claude Connector from Claude’s connector marketplace, the entire flow is handled for you:- Claude opens your browser to the Synthesize Bio sign-in page.
- You sign in with your existing Synthesize Bio account.
- Claude receives a token and caches it for future requests.
Token lifecycle
- Access tokens are issued during the OAuth flow and cached by the MCP client.
- If a token expires, the client re-authenticates automatically.
- Revoking access requires disconnecting the connector in Claude settings.
API key access
If your workflow requires direct API access, a custom MCP client, or a shared connection in a host that supports key-based authentication, you can use a platform API key as a Bearer token.Creating an API key
- Sign in to app.synthesize.bio.
- Go to Account → API Keys.
- Create a new key and copy it immediately — it is only shown once.
Using the key
Use this MCP URL:Authorization. The key value must include the Bearer
prefix before the API key.
For direct HTTP requests, pass the same value as an Authorization header:
Security
- Keep your API key secret. Do not commit it to version control.
- Rotate keys periodically from the API Keys page.
- Each key is scoped to your account and workspace.