Hi Front community,
We successfully tested the MCP Server feature using OAuth and it works great. However, for our production use case we need this feature available for API Tokens as well.
Our scenario: we are building a centralized MCP server hosted on our own infrastructure that acts as a proxy to Front's MCP, consumed by multiple support agents through AI assistants (Claude Code). The server needs to authenticate against Front without per-user OAuth flows.
The challenge with OAuth:
- The refresh token is tied to a specific user's identity
- If that person leaves the team or the token is invalidated, the integration breaks
- Managing token rotation in a server environment adds significant operational complexity
What we need:
API Tokens with MCP Server feature enabled, so we can authenticate our server-side MCP proxy with a stable, long-lived credential that isn't tied to a specific user's session.
This would be the ideal solution for teams building centralized MCP integrations on top of Front, which we believe is a common enterprise use case.
Has anyone else run into this? Is there a workaround available today?
Thanks,
Matias (MercadoLibre)
