Agent Authentication — CONNTEK Design Center
How AI agents can access CONNTEK's product APIs and tools. This document describes the actual auth model, honestly: most of it is open, and there is currently no self-serve OAuth flow.
Public read API — no authentication
The product-catalog REST API is public and unauthenticated. No token, key, or registration is required to read it.
- API base:
https://conntek-aibridge.liyandong0514.workers.dev - OpenAPI spec: https://chat.connteck.com/openapi.json
- API catalog (RFC 9727): https://chat.connteck.com/.well-known/api-catalog
GET endpoints:
/api/v1/products— list active products/api/v1/products/search— search by spec / use-case/api/v1/products/{part_number}— full product detail/api/v1/categories— category list/api/v1/cross-reference— competitor replacement lookup/api/v1/health— health check
MCP tools — no authentication
The MCP server exposes read-only product tools and requires no credentials.
- Endpoint:
https://conntek-aibridge.liyandong0514.workers.dev/mcp(Streamable HTTP) - Server card: https://chat.connteck.com/.well-known/mcp/server-card.json
- Skills index: https://chat.connteck.com/.well-known/agent-skills/index.json
Protected endpoints — API key, issued manually
The conversational /agent/* endpoints (LLM chat, sessions) require an API key or session bearer token, issued manually. There is currently no automated OAuth 2.0 / OIDC flow for agents — /.well-known/oauth-authorization-server and /.well-known/oauth-protected-resource are intentionally not published, because we do not yet operate a real delegated-authorization server and would rather not advertise one that does not exist.
To request an API key, contact us via https://chat.connteck.com/contact/.
Summary
| Capability | Auth |
|---|---|
| Read product catalog (REST) | None — open |
| MCP tools (read-only) | None — open |
Conversational /agent/* (chat, write) | API key by request (no self-serve OAuth yet) |