This page summarizes the connection settings used by the obniz MCP Server.
The App Token is passed by the MCP client. Self-hosted servers do not need a fixed server-side token. The cloud MCP server is in alpha, and behavior or availability is not guaranteed.
Authentication
The MCP server authenticates requests with an obniz Cloud App Token.
Send the token in the HTTP Authorization header as Bearer apptoken_xxx.
The App Token determines which Hosted App and installed devices the MCP client can access.
Endpoints
| Environment | MCP endpoint | Health check |
|---|---|---|
| Cloud | https://mcp.obniz.com/mcp |
- |
| Self-hosted | http://localhost:3000/mcp |
http://localhost:3000/health |
Connect new MCP clients to the MCP endpoint. For self-hosted startup steps and Docker settings, see obniz/obniz-mcp.
Self-hosted environment variables
When you run the server yourself, these environment variables are available:
| Variable | Required | Default | Description |
|---|---|---|---|
PORT |
No | 3000 |
HTTP server port |
When self-hosting, the App Token is still passed by the MCP client in the Authorization header, not as a server-side environment variable. Do not put real App Tokens in shared config files or Git.
Multiple clients
Multiple MCP clients can connect to the server.
- Clients using the same App Token share the same device pool.
- Clients using different App Tokens are isolated from each other.
- When all clients disconnect, server-side session state is cleaned up automatically.
Token handling
Treat App Tokens like credentials.
- Do not commit real tokens to Git.
- Use local or user-specific MCP config files when possible.
- Rotate the token in obniz Cloud if it may have been exposed.