The current MCP server authentication options (Access Token and OAuth2) are both tied to individual user accounts. This is a problem for shared tooling scenarios — for example, a team using a shared MCP client configuration (like a shared mcp.json in VS Code or a CI/CD agent) needs a token that is:
- Not tied to any single person’s account
- Scoped to a specific project or set of workflows
- Revocable independently of any user account

Allow the Enterprise API key (X-N8N-API-KEY) to authenticate against the MCP server endpoint (/mcp-server/http) — since Enterprise API keys already support scopes, this would give fine-grained, project-agnostic control.