Build the Authorization header value for gateway requests.
Keys that already contain a valid RFC 7235 scheme token followed by
whitespace (e.g. "Bearer …", "Token …", "AWS4-HMAC-SHA256 …") are passed
through unchanged. Otherwise the raw key is sent directly unless
EP_MCP_GATEWAY_AUTH_SCHEME is set to a valid token, in which case that
scheme prefix is prepended. The EP MCP gateway expects raw-token auth by
default (no "Bearer " prefix).
Parameters
apiKey: string
Raw or pre-prefixed gateway API key
Returns string
Authorization header value, or empty string for empty keys
Throws
When the API key contains CR or LF (header injection risk)
Build the Authorization header value for gateway requests.
Keys that already contain a valid RFC 7235 scheme token followed by whitespace (e.g. "Bearer …", "Token …", "AWS4-HMAC-SHA256 …") are passed through unchanged. Otherwise the raw key is sent directly unless
EP_MCP_GATEWAY_AUTH_SCHEMEis set to a valid token, in which case that scheme prefix is prepended. The EP MCP gateway expects raw-token auth by default (no "Bearer " prefix).