TsgcWSAPIServer_MCP › Properties › MCPOptions
Core MCP server settings: ServerInfo, SessionTimeout and authentication policies.
property MCPOptions: TsgcAI_MCP_Server_Options read FMCPOptions write SetMCPOptions;
Aggregates the runtime configuration consumed by the underlying TsgcAI_MCP_Server engine. Use ServerInfo to set the name and version advertised during the MCP handshake, SessionTimeout to control how long an idle session survives before it is deleted (and OnMCPSessionEnd fires), and AuthenticationOptions to enforce CustomHeader and/or ApiKey (Authorization: Bearer <value>) validation on every HTTP round-trip. Changes take effect on subsequent requests; existing sessions keep the previously negotiated capabilities.
When AuthenticationOptions.ApiKey is enabled, the MCP server automatically exposes an OAuth 2.1 authorization flow on the same HTTP server, including /.well-known/oauth-authorization-server (RFC 8414), /.well-known/oauth-protected-resource (RFC 9728), /oauth/register (RFC 7591 dynamic client registration), /oauth/authorize (renders an HTML consent form) and /oauth/token (PKCE S256, authorization-code and refresh-token grants). The value configured in ApiKey.Value is reused as the password the user must enter on the consent form to approve a connector. Once approved, the bearer token issued by /oauth/token is accepted on subsequent /mcp calls in addition to the static ApiKey.Value. OAuth clients, codes and tokens are stored in memory and are lost when the server restarts. See the component overview page for the full list of built-in HTTP endpoints.
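// Name and version advertised during the MCP handshake
MCPServer.MCPOptions.ServerInfo.Name := 'sgc-mcp-server';
MCPServer.MCPOptions.ServerInfo.Version := '1.0.0';
// Idle sessions are deleted after this timeout (OnMCPSessionEnd fires)
MCPServer.MCPOptions.SessionTimeout := 60000;
// Require Authorization: Bearer <value>; this also enables the OAuth 2.1 endpoints
MCPServer.MCPOptions.AuthenticationOptions.ApiKey.Enabled := True;
// Sample value; the same string is the password asked for on the consent form
MCPServer.MCPOptions.AuthenticationOptions.ApiKey.Value := 'super-secret-token';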