Skip to main content

Overview

The Financial MCP Server uses a hybrid authentication model depending on the data source and deployment method. Understanding the authentication requirements is crucial for proper setup and usage.
YFinance tools require no authentication, while FMP tools require an API key for full functionality.

Authentication Methods

1. No Authentication (YFinance)

YFinance tools work immediately without any setup: 
# Works without any API keys
curl "http://localhost:8001/api/v1/stock/AAPL/yfinance"
Available without authentication:
  • Basic stock quotes
  • Company information
  • Historical data
  • Symbol search
  • Analyst recommendations
  • Insider transactions

2. FMP API Key (Professional Tools)

FMP tools require a valid API key for access: 
# Requires FMP_API_KEY environment variable
curl "http://localhost:8001/api/v1/stock/AAPL"

Getting FMP API Key

Step 1: Create Account

  1. Visit Financial Modeling Prep
  2. Click “Sign Up” to create a free account
  3. Verify your email address
  4. Complete the registration process

Step 2: Access Dashboard

  1. Log in to your FMP account
  2. Navigate to the API Dashboard
  3. Find your API key in the “API Key” section
  4. Copy the key for use in your application

Step 3: Choose Plan

PlanRequests/DayPriceFeatures
Free250$0Basic data, perfect for development
Starter1,000$15/monthProduction-ready for small apps
Professional10,000$50/monthHigh-volume applications
EnterpriseCustomCustomUnlimited with premium support

Environment Configuration

Local Development

# Set environment variables
export FMP_API_KEY="your_actual_api_key_here"
export PORT=8001

# Start the server
python3 main.py

Production Deployment

# Set environment variables in Railway dashboard
FMP_API_KEY=your_actual_api_key_here
PORT=$PORT

API Key Validation

Testing Your Setup

# Test FMP API key
curl "http://localhost:8001/api/v1/stock/AAPL"

# Expected: Stock data with "source": "FMP"

Server Response Indicators

Valid FMP API Key

{
  "symbol": "AAPL",
  "price": 201.08,
  "source": "FMP",
  "timestamp": "2025-06-28T18:42:12.471731"
}

Invalid/Missing FMP API Key

{
  "error": "FMP API key required. Set FMP_API_KEY environment variable.",
  "setup_instructions": "Get a free API key at: https://financialmodelingprep.com/developer/docs"
}

YFinance Fallback Active

{
  "symbol": "AAPL",
  "price": 201.08,
  "currency": "USD",
  "timestamp": "2025-06-28T18:42:12.471731"
}

Rate Limiting & Quotas

FMP Rate Limits

Rate limits are enforced per API key:
PlanDaily LimitPer-Minute LimitOverage
Free2505Blocked
Starter1,00020$0.01/request
Professional10,000100$0.005/request

Rate Limit Headers

FMP responses include rate limit information: 
X-RateLimit-Limit: 250
X-RateLimit-Remaining: 247
X-RateLimit-Reset: 1640995200
X-RateLimit-Used: 3

Handling Rate Limits

The server automatically handles rate limiting: 
# Automatic rate limit detection
if "rate limit" in response.get("error", "").lower():
    # Fallback to YFinance if available
    # Or return rate limit error with retry information

Security Best Practices

1. API Key Protection

✅ DO: Store API keys in environment variables
export FMP_API_KEY="your_key"
❌ DON’T: Hardcode keys in source code
# NEVER DO THIS
FMP_API_KEY = "your_actual_key_here"
✅ DO: Add .env to .gitignore
echo ".env" >> .gitignore
❌ DON’T: Commit API keys to repositories
✅ DO: Use platform environment variable systems
  • Railway: Environment Variables tab
  • Heroku: Config Vars
  • Docker: Environment variables
❌ DON’T: Include keys in Docker images or config files

2. Access Control

# Optional: Add API key validation for your endpoints
@app.middleware("http")
async def validate_access(request: Request, call_next):
    # Add your own authentication logic here
    response = await call_next(request)
    return response

3. Monitoring & Alerting

# Monitor API usage
@app.middleware("http")
async def log_requests(request: Request, call_next):
    start_time = time.time()
    response = await call_next(request)
    process_time = time.time() - start_time
    
    logger.info("Request processed", extra={
        "path": request.url.path,
        "method": request.method,
        "process_time": process_time,
        "status_code": response.status_code
    })
    
    return response

Troubleshooting

Common Issues

Symptoms: 401 Unauthorized errorsSolutions:
  • Verify API key is correct (copy-paste from FMP dashboard)
  • Check environment variable is set: echo $FMP_API_KEY
  • Restart server after setting environment variables
  • Ensure no extra spaces or characters in the key
Symptoms: 429 Too Many Requests errorsSolutions:
  • Check your FMP dashboard for usage statistics
  • Implement caching to reduce API calls
  • Upgrade to higher tier plan
  • Use YFinance endpoints for basic data
Symptoms: Server uses “demo” key despite setting FMP_API_KEYSolutions:
  • Restart terminal/shell after setting variables
  • Use printenv | grep FMP to verify variables are set
  • Check .env file is in correct directory
  • Ensure proper syntax in environment files

Debugging Commands

# Verify environment variables
echo "FMP API Key: $FMP_API_KEY"
echo "Port: $PORT"

# Check if variables are exported
printenv | grep FMP

Migration Guide

From Demo to Production

  1. Get Production API Key 
    # Replace demo key with production key
export FMP_API_KEY="your_production_key"
  2. Update Deployment Configuration 
    # Update your deployment platform
# Railway: Environment Variables
# Heroku: heroku config:set FMP_API_KEY=new_key
  3. Test Production Setup 
    # Verify production key works
curl "http://your-domain.com/api/v1/stock/AAPL"
  4. Monitor Usage
    • Check FMP dashboard regularly
    • Set up usage alerts
    • Plan for scaling if needed

Next Steps

Get FMP API Key

Sign up for free FMP account

Installation Guide

Complete server setup instructions

API Reference

Explore all available endpoints

Deployment Guide

Deploy to production platforms