Authentication
Wire supports two authentication methods for MCP clients:
- OAuth 2.1 - Recommended for individual users and agents running on your computer
- API Keys - Recommended for headless agents and server-side automation
Using OAuth
Section titled “Using OAuth”Most MCP clients handle OAuth automatically. When you first connect, your browser will open to:
- Sign in to Wire (if not already authenticated)
- Review the requested permissions
- Approve access
After approval, the client stores your credentials and you won’t need to sign in again until the token expires.
Using API Keys
Section titled “Using API Keys”API keys can be passed to your MCP client via the x-api-key header or Authorization: Bearer header.
OAuth Technical Details
Section titled “OAuth Technical Details”This section is for developers building MCP clients.
Discovery
Section titled “Discovery”Fetch the OAuth configuration:
GET https://YOUR_ORG_SLUG.mcp.usewire.io/.well-known/oauth-authorization-serverAuthorization Request
Section titled “Authorization Request”GET /oauth/authorize? response_type=code& client_id=mcp-client& redirect_uri=...& scope=containers:read& code_challenge=...& code_challenge_method=S256Token Exchange
Section titled “Token Exchange”POST /oauth/tokenContent-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=...&redirect_uri=...&code_verifier=...Security
Section titled “Security”- PKCE required - All OAuth flows must use Proof Key for Code Exchange
- JWT tokens - Access tokens contain user ID, organization ID, and authorized containers
- Token lifetime - Access tokens expire after 1 hour; refresh tokens last 30 days