Appearance
Authentication
The Vio MCP server supports two access tiers: anonymous (no API key) and partner (API key with optional IP allowlisting).
Anonymous access
The MCP endpoint is open to the public — anyone can point an MCP-capable client at https://mcp.vio.com/mcp and start using it without an API key. Anonymous traffic shares a single upstream rate limit, so it is intended for casual use, demos, and evaluation. If your integration needs predictable quota, request a partner API key.
POST https://mcp.vio.com/mcpWhen the rate limit is hit, the server returns an MCP error message asking the user to wait a couple of minutes. Clients should not retry automatically.
Partner API keys
For higher-volume integrations and predictable quota, your Vio representative can issue a partner API key. The key is passed as a query parameter on every request:
POST https://mcp.vio.com/mcp?api_key=YOUR_API_KEYPartner traffic uses a separate upstream tier that is not affected by anonymous saturation.
IP allowlisting
Partner API keys can optionally be restricted to specific IP ranges. When configured, requests from unauthorized IPs receive a 403 Forbidden response — enforced at the edge before requests reach the origin server, so latency is unaffected. Anonymous requests are not subject to IP allowlisting.
Requesting partner access
To get a partner API key for your integration:
- Contact your Vio representative
- Provide your expected IP ranges (if applicable)
- Specify your use case (for usage monitoring configuration)
- Receive your API key and endpoint details
Security notes
- API keys identify the client and are not secrets — IP allowlisting provides the actual access control
- All traffic is encrypted via TLS (HTTPS only)
- No user authentication data (passwords, tokens) is required or stored
- The server does not access or store end-user PII