Authentication
Station supports multiple authentication methods for AI providers and CloudShip platform integration.
AI Provider Authentication
Anthropic OAuth Unavailable: Anthropic has restricted third-party use of OAuth tokens. Claude Max/Pro subscription authentication (stn auth anthropic login) is not working until further notice. Please use API key authentication instead.
API Keys (Recommended)
Set your API key as an environment variable:
Authentication Priority
Station checks for credentials in this order:
Deployments
For all Station instances (local, Docker, K8s, Fly.io), use API keys:
CloudShip Authentication
Connect your Station to CloudShip for centralized management, team collaboration, and OAuth-protected MCP access.
Login with API Key
Get your API key from your CloudShip dashboard.
Using Registration Key
For automated deployments, use a registration key in your config:
Check Connection Status
Logout
OAuth for MCP Access
When CloudShip OAuth is enabled, MCP clients authenticate through CloudShip before accessing your Station’s agents.
Who Can Access?
Only users who:
- Have a CloudShip account
- Are members of your organization
- Successfully authenticate via OAuth
Enable OAuth
How It Works
MCP Client Configuration
Point your MCP client to port 8587 (Dynamic Agent MCP):
When connecting, the client will:
- Receive a 401 with OAuth discovery URL
- Open CloudShip login in your browser
- After authentication, automatically retry with the access token
Security Notes
- Registration keys should be kept secret - they authorize Station connections
- OAuth tokens are validated on every MCP request via CloudShip introspection
- PKCE is required for all OAuth flows (S256 code challenge)
- Station caches validated tokens for 5 minutes to reduce introspection calls
Next Steps