Scalekit: Auth Stack for AI Apps is now GA
.webp)
Software has always assumed a human at the other end of the login screen. You authenticate once, set a session, and that identity lives until logout.
But agentic software breaks that model.
AI agents don’t log in, hang around, and log out. They:
- Spin up dynamically, often per task or workflow.
- Need ephemeral identities that exist only for the lifetime of that task.
- Operate with scoped, least-privilege permissions — not blanket, long-lived access.
- Often act on behalf of users, which requires delegated consent and revocation.
These are entirely new identity primitives. And they don’t fit into systems built around passwords, long sessions, and static app registrations.
When the Model Context Protocol (MCP) first started gaining traction, developers rushed to expose their products as MCP servers. But in practice, most of these servers ran locally, wired up for demos rather than production. The missing piece? Authentication.
Without a secure way to prove which agents should connect (And what data they should be allowed to touch), MCP servers weren’t ready for mainstream adoption. That’s why we built one of the first dedicated solutions for a drop-in authorization server: An external layer that handles authentication outside the MCP server itself. This design soon became part of the official MCP spec.
At the same time, developers building agents ran into a parallel wall. In a dev environment, an agent acting for a single user works fine. But move that into production — where hundreds of users expect those agents to take real actions in Gmail, Slack, or Salesforce — and the whole setup cracks. Tokens are hard-coded, consent flows don’t exist, and security becomes guesswork.
Those two realities shaped our roadmap. Today, we’re making it official:
Scalekit’s Auth Stack for AI Apps is generally available.
(And yes, we’ve also raised a $5.5M seed led by Together Fund and Z47 to keep shipping ahead of the curve.)
The new modules in the Auth Stack for AI Apps
MCP Auth: For MCP developers
If you’re building an MCP server, the first blocker is always the same: How do you securely let agents in?
With MCP Auth, you don’t need to roll your own OAuth layer. Scalekit gives you a drop-in authorization server that:
- Implements OAuth 2.1 with dynamic client registration.
- Issues scoped, short-lived tokens tied to workflows, datasets, or projects.
- Runs as an external auth layer, so your MCP server logic stays clean.
Instead of shipping a local MCP demo that anyone can poke at, you can expose a production-ready endpoint that enforces exactly which agents get access, and under what conditions.
Agent Actions: For agent builders
Building an agent that works for one user in dev is easy. Making it work for hundreds of users in production is where things break:
- Tokens get hard-coded.
- Consent flows are missing.
- There’s no safe way to refresh or revoke credentials.
- And every new integration requires hand-rolled OAuth code.
Agent Actions fixes that by giving your agents a turnkey execution layer:
- A secure token vault, scoped per user and per tool.
- A consent orchestrator that handles approvals and revocations.
- Automatic token rotation so credentials don’t linger.
- A tool-calling layer that standardizes how agents invoke external apps (calendars, CRMs, chat, docs, storage).
- Tool metadata so your agent knows which actions are supported, with the right params and scopes.
- Prebuilt connectors for Gmail, Slack, HubSpot, Notion, Salesforce, and more.
The result: your Slack bot posts with the right user’s token, your CRM agent edits only the allowed fields, and your workflows don’t collapse under bespoke OAuth hacks.
One stack for Human+Agent
Most B2B teams don’t just have agents. They have human users too. Scalekit’s auth stack is designed to handle both sides together:
- Human auth→ Passwordless login, OTP, social sign-in
- Enterprise auth→ SSO, SCIM, admin portals
- API/M2M auth→ Service accounts, lifecycle management
- Agentic auth→ MCP Auth+Agent Actions on the same platform
You don’t need to juggle parallel systems. One stack covers all your identity needs.
What’s next
This launch is only the start. Our $5.5M seed round — led by Together Fund and Z47 with support from Adam Frankl, Oliver Jay, Jagadeesh Kunda, and others — is a bet on a simple but radical idea: Authentication has to be reimagined for the agentic era. These investors backed us because they see the same shift we do: That agent identity is not a feature but a new foundation layer for software.
We’re putting that capital to work across the stack:
- Deeper agent actions → Richer tool-calling semantics, structured tool metadata, lifecycle governance, and a growing library of prebuilt integrations.
- Expanded MCP auth → Tighter support for the evolving spec, background agent support, and more granular scope controls.
- Human + Enterprise auth → Continuing to ship passwordless flows, SSO, SCIM, and admin tooling so B2B teams don’t have to run parallel systems.
- Observability and security → Fine-grained audit logs, policy-driven revocation, and rate limiting that scales with production workloads.
The meta goal: Make it possible for more agentic apps to move into production without worrying about security.
Start building
- Explore MCP Auth → Secure your MCP server with a drop-in authorization server.
- Enable Agent Actions → Ship tool calling with consent, token vault, and metadata-aware actions.
- Manage complete auth with Scalekit’s full stack auth → Complete auth infra for modern applications
