Model Context Protocol (MCP) is an open standard that defines how applications can provide tools and context to LLMs. The MCP tool in the Responses API enables developers to grant models access to tools hosted on Remote MCP servers. These servers are managed by developers and organizations across the internet and make tools available to MCP clients, such as the Responses API.

Obiguard supports using MCP servers through the Responses API. Making a request to a remote MCP server with the Responses API is simple. For instance, you can use the DeepWiki MCP server to query nearly any public GitHub repository.

Example MCP Request

A Responses API request to OpenAI with MCP tools enabled.

from obiguard import Obiguard

client = Obiguard(
  obiguard_api_key="sk-obg-***",  # Your Obiguard API key here
)

resp = client.responses.create(
  model="gpt-4.1",
  tools=[
    {
      "type": "mcp",
      "server_label": "deepwiki",
      "server_url": "https://mcp.deepwiki.com/mcp",
      "require_approval": "never",
    },
  ],
  input="What transport protocols are supported in the 2025-03-26 version of the MCP spec?",
)
print(resp.output_text)

MCP Server Authentication

While the DeepWiki MCP server does not require authentication, most other MCP servers do. The MCP tool in the Responses API allows you to specify custom headers for requests to remote MCP servers. These headers can include API keys, OAuth tokens, or any other authentication method supported by the server.

The most commonly used header for authentication is the Authorization header. Here is an example of how to include it:

Using the Stripe MCP tool

from obiguard import Obiguard

client = Obiguard(
  obiguard_api_key="sk-obg***",  # Your Obiguard API key here
)

resp = client.responses.create(
  model="gpt-4.1",
  input="Create a payment link for $20",
  tools=[
    {
      "type": "mcp",
      "server_label": "stripe",
      "server_url": "https://mcp.stripe.com",
      "headers": {
         "Authorization": "Bearer $STRIPE_API_KEY"
      }
    }
  ]
)

print(resp.output_text)

To ensure sensitive keys remain secure, the Responses API does not store any string values provided in the headers object. These values are also excluded from the created Response object.

Additionally, since some remote MCP servers generate authenticated URLs, the path portion of the server_url is removed in responses (e.g., example.com/mcp becomes example.com). As a result, you must include the full server_url path and any necessary headers in every Responses API creation request.