Authentication
Operating Modes
Section titled “Operating Modes”Documentation Mode (Default)
Section titled “Documentation Mode (Default)”No credentials required. The server provides:
- API documentation and schema information
- Parameter descriptions and validation
- CURL command examples
- Dependency and prerequisite guidance
Execution Mode
Section titled “Execution Mode”Requires valid credentials. Adds:
- Direct API execution against your tenant
- Resource creation, reading, updating, deletion
- Real-time status queries
- Configuration deployment
Authentication Methods
Section titled “Authentication Methods”API Token
Section titled “API Token”The simplest authentication method.
Getting an API Token
Section titled “Getting an API Token”- Log into F5 Distributed Cloud Console
- Navigate to Administration -> Personal Management -> Credentials
- Click Add Credentials
- Select API Token
- Set expiration and copy the token
Configuration
Section titled “Configuration”Set environment variables:
export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"export F5XC_API_TOKEN="your-api-token-here"For MCP JSON configuration, see IDE Setup.
P12 Certificate (mTLS)
Section titled “P12 Certificate (mTLS)”More secure, certificate-based authentication.
Getting a P12 Certificate
Section titled “Getting a P12 Certificate”- Log into F5 Distributed Cloud Console
- Navigate to Administration -> Personal Management -> Credentials
- Click Add Credentials
- Select API Certificate
- Download the
.p12file and note the password
Configuration
Section titled “Configuration”export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"export F5XC_P12_BUNDLE="/absolute/path/to/certificate.p12"export F5XC_P12_PASSWORD="your-certificate-password"For MCP JSON configuration, see IDE Setup.
PEM Certificate
Section titled “PEM Certificate”An alternative to P12 bundles using separate certificate and key files:
export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"export F5XC_CERT="/path/to/certificate.pem"export F5XC_KEY="/path/to/private-key.pem"See Environment Variables for details.
URL Normalization
Section titled “URL Normalization”The server automatically normalizes various URL formats:
| You Enter | Normalized To |
|---|---|
https://tenant.volterra.us | https://tenant.console.ves.volterra.io/api |
https://tenant.volterra.us/ | https://tenant.console.ves.volterra.io/api |
https://tenant.volterra.us/api | https://tenant.console.ves.volterra.io/api |
https://tenant.console.ves.volterra.io | https://tenant.console.ves.volterra.io/api |
https://tenant.staging.volterra.us | https://tenant.staging.console.ves.volterra.io/api |
You can use any of these formats - the server handles the conversion.
Profile-Based Configuration
Section titled “Profile-Based Configuration”For managing multiple F5XC tenant credentials, use profiles stored in ~/.config/f5xc/profiles/.
Using the Configure Auth Tool
Section titled “Using the Configure Auth Tool”The easiest way to configure authentication is through Claude. Ask Claude to configure authentication:
“Configure F5XC authentication with my tenant”
Claude will use the f5xc-api-configure-auth tool to:
- Check current authentication status
- Prompt you for tenant URL and API token
- Save credentials to a profile
- Set the profile as active
MCP Tool Actions
Section titled “MCP Tool Actions”| Action | Description |
|---|---|
status | Check current authentication state |
configure | Save credentials to a new or existing profile |
list-profiles | List all available profiles |
set-active | Switch to a different profile |
Profile Storage
Section titled “Profile Storage”Profiles are stored in ~/.config/f5xc/profiles/ (XDG Base Directory compliant):
~/.config/f5xc/├── active_profile # Name of the active profile└── profiles/ ├── default.json # Default profile ├── production.json # Production tenant └── staging.json # Staging tenantCredential Priority
Section titled “Credential Priority”The server loads credentials in this order:
- Environment variables (highest priority) - Always override profiles
- Active profile - From
~/.config/f5xc/ - No credentials - Documentation mode (lowest priority)
Security Best Practices
Section titled “Security Best Practices”Never Commit Credentials
Section titled “Never Commit Credentials”Add to .gitignore:
.env*.p12*.pemUse Environment Files
Section titled “Use Environment Files”Create .env (not committed) and reference via envFile in your IDE configuration.
Rotate Credentials Regularly
Section titled “Rotate Credentials Regularly”- API tokens: Rotate every 90 days
- Certificates: Use short-lived certificates when possible
Least Privilege
Section titled “Least Privilege”Create service accounts with minimal required permissions for automation.
Verifying Authentication
Section titled “Verifying Authentication”Check authentication status:
“Get the F5XC API server info”
Response for authenticated mode:
{ "mode": "execution", "authenticated": true, "authMethod": "token", "tenantUrl": "https://your-tenant.console.ves.volterra.io/api"}Response for unauthenticated mode:
{ "mode": "documentation", "authenticated": false, "authMethod": "none"}Next Steps
Section titled “Next Steps”- IDE Setup - MCP JSON configuration for all editors
- Environment Variables - Complete variable reference
- Troubleshooting - Auth-specific troubleshooting