Auth

YDB-Qdrant auth and scoped access

YDB-Qdrant uses namespace-oriented REST API keys for vector data and a separate bearer-token model for hosted Code Indexer MCP repository memory.

REST API key namespace

Send api-key on REST requests. The server derives a stable namespace from the key, then stores collection metadata and points under that namespace.

api-key: my-stable-namespace-key

Version and retry headers

YDB-Qdrant-API-Version: 2026-05-28
Idempotency-Key: stable-mutation-key

Optional tenant suffix

Send X-Tenant-Id when one integration key needs separate tenant or workspace namespaces.

X-Tenant-Id: workspace-42

Practical REST access model

Agent auth discovery metadata

Agents can discover the current auth contract through OAuth protected-resource metadata. This file documents the existing REST api-key namespace model. It intentionally omits authorization_servers and scopes_supported because the REST backend does not accept OAuth access tokens or enforce OAuth scopes.

/.well-known/oauth-protected-resource

Code Indexer MCP tokens

Code Indexer auth is separate from REST API keys. Users install the GitHub App, sign in through GitHub OAuth, and create MCP tokens in the dashboard.

Authorization: Bearer <mcp-token>