Skip to main content

Authentication

Station supports multiple authentication methods for AI providers and CloudShip platform integration.

AI Provider Authentication

Anthropic OAuth Unavailable: Anthropic has restricted third-party use of OAuth tokens. Claude Max/Pro subscription authentication (stn auth anthropic login) is not working until further notice. Please use API key authentication instead.
Set your API key as an environment variable:

Authentication Priority

Station checks for credentials in this order:

Deployments

For all Station instances (local, Docker, K8s, Fly.io), use API keys:

CloudShip Authentication

Connect your Station to CloudShip for centralized management, team collaboration, and OAuth-protected MCP access.

Login with API Key

Get your API key from your CloudShip dashboard.

Using Registration Key

For automated deployments, use a registration key in your config:

Check Connection Status

Logout


OAuth for MCP Access

When CloudShip OAuth is enabled, MCP clients authenticate through CloudShip before accessing your Station’s agents.

Who Can Access?

Only users who:
  1. Have a CloudShip account
  2. Are members of your organization
  3. Successfully authenticate via OAuth

Enable OAuth

How It Works

MCP Client Configuration

Point your MCP client to port 8587 (Dynamic Agent MCP):
When connecting, the client will:
  1. Receive a 401 with OAuth discovery URL
  2. Open CloudShip login in your browser
  3. After authentication, automatically retry with the access token

Security Notes

  • Registration keys should be kept secret - they authorize Station connections
  • OAuth tokens are validated on every MCP request via CloudShip introspection
  • PKCE is required for all OAuth flows (S256 code challenge)
  • Station caches validated tokens for 5 minutes to reduce introspection calls

Next Steps