Authentication

API keys

Access to the Vio MCP server requires an API key, provided by your Vio representative. The API key is passed as a query parameter on every request:

POST https://mcp.vio.com/mcp?api_key=YOUR_API_KEY

IP allowlisting

For added security, API keys can be restricted to specific IP ranges. When configured, requests from unauthorized IPs receive a 403 Forbidden response. This is enforced at the edge before requests reach the origin server, ensuring minimal latency impact.

Requesting access

To get an API key for your integration:

1. Contact your Vio representative
2. Provide your expected IP ranges (if applicable)
3. Specify your use case (for usage monitoring configuration)
4. Receive your API key and endpoint details

Security notes

• API keys identify the client and are not secrets - IP allowlisting provides the actual access control
• All traffic is encrypted via TLS (HTTPS only)
• No user authentication data (passwords, tokens) is required or stored
• The server does not access or store end-user PII