---
title: "MCP authenticated test"
url: https://memory.wiki/GAaYIkii
updated: 2026-05-15T18:42:04.256Z
hub: https://memory.wiki/hub/raymindai
concept_count: 12
source: "mcp"
---
# MCP authenticated test

Created via `mcp__mdfy__mdfy_create` after `mdfy login`. The MCP server should now forward `hi@raymind.ai` as the owner via the `Authorization: Bearer` header read from `~/.mdfy/config.json`.

End-to-end expectation:
1. MCP → `POST mdfy.app/api/docs` with auth header → doc created with `user_id=14b7e152-...`
2. Postgres `documents` INSERT trigger fires
3. pg_net → `POST mdfy.app/api/hooks/doc-created` with webhook secret
4. Handler sees `user_id`, queues `/api/embed/{id}` (not skipped this time)
5. `embedding_updated_at` fills within ~3s

Verifying now.

---

## Summary
The document describes an end-to-end test flow for an MCP authenticated system that creates documents with user ownership and triggers embedding updates through a webhook-driven process.

## Themes
- MCP authentication workflow
- end-to-end document creation
- webhook-driven embedding pipeline

## Key takeaways
- Document creation via MCP forwards user identity (hi@raymind.ai) through an Authorization Bearer header from ~/.mdfy/config.json.
- A Postgres INSERT trigger on the documents table fires after doc creation, initiating downstream processes.
- pg_net sends a webhook POST to mdfy.app/api/hooks/doc-created with a webhook secret after document insertion.
- The webhook handler reads the user_id and queues an embedding request to /api/embed/{id}.
- The embedding_updated_at timestamp populates within approximately 3 seconds of the initial document creation.

## Insights
- The system uses a multi-stage async pipeline triggered by database events rather than synchronous API responses.
- Authentication is delegated to a config file rather than inline credentials, suggesting a client-side secret management pattern.
- The embedding process is intentionally decoupled from document creation and queued separately rather than computed immediately.

## Open questions / gaps
- What mechanism prevents the embedding step from being skipped on subsequent runs, and how is that state tracked?
- What is the structure and validation logic of the webhook secret passed by pg_net?

## Concepts in this document
- **MCP server** _(concept)_
  A standard protocol allowing diverse AI tools to query and interact with the memory.wiki hub.
- **Bearer token** _(concept)_
  Token-based authentication credential stored in user config and sent in Authorization headers.
- **Embedding Pipeline** _(tag)_
  The technical infrastructure for converting documents into searchable vector representations.
- **mdfy.app API** _(entity)_
  Backend API endpoints handling document creation and webhook processing.
- **Document Creation** _(concept)_
  Core capability to create markdown documents and receive shareable URLs in mdfy.
- **User authentication** _(concept)_
  Sign-in mechanism required to enable cloud sync, multi-device access, and AI features.
- **pg_net webhook** _(entity)_
  Postgres extension that asynchronously posts webhook events to external handlers.
- **Postgres INSERT trigger** _(concept)_
  Database trigger that fires when documents are inserted to initiate downstream processes.
- **MCP authenticated test** _(concept)_
  The central test procedure validating end-to-end authentication and embedding workflow for MCP server integration.
- **Authentication flow** _(concept)_
  Core mechanism being validated: reading credentials from config file and passing them as Bearer token.
- **MCP authentication** _(concept)_
  Authorization mechanism using Bearer tokens from config file to identify users in API requests.
- **Authorization Bearer header** _(concept)_
  Authentication mechanism read from config file and passed by MCP to prove user identity in API requests.

## Concept relations (within this doc's concepts)
- **MCP server** forwards via **Authorization Bearer header**
- **mdfy.app API** processes and executes **Document Creation**
- **Postgres INSERT trigger** initiates **pg_net webhook**
- **User authentication** validates **MCP authenticated test**
- **MCP server** reads and forwards **Bearer token**
- **MCP server** posts to **mdfy.app API**
- **mdfy.app API** triggers via **Postgres INSERT trigger**

_Hub canonical:_ https://memory.wiki/hub/raymindai
_Concept digest:_ https://memory.wiki/raw/hub/raymindai?digest=1&compact=1
