Authorization: Bearer <token> header. The server first tries the OAuth (JWT) path; if the token isn’t a valid JWT, it looks the token up as an org API token and authenticates the request at the org level. Authorization checks still apply.
April
Flaky Tests: API Token Auth for the Trunk MCP Server
The Trunk MCP server now accepts a Trunk organization API token via the Authorization: Bearer header, so you can use Trunk’s MCP tools from CI jobs, scripts, and any client that doesn’t support an OAuth flow.
The Trunk MCP server now accepts API token authentication as an alternative to OAuth, so you can use Trunk’s MCP tools from CI jobs, scripts, and any client that doesn’t support an OAuth flow.
OAuth stays the default for interactive clients. For headless and CI use, pass a Trunk organization API token via the standard
Read the docs to learn more.