Spur MCP Security and Production Readiness

Production security checklist

Use this checklist before enabling Spur MCP for external assistants and automated agents.

Baseline controls

  • Transport: Streamable HTTP
  • Endpoint: https://api.spurnow.com/mcp
  • Auth: Bearer API key
  • Workspace context is derived from the authenticated key
  • Tool scope is intentionally limited to five operations

Hardening checklist

  • Use distinct API keys per environment and per integration consumer
  • Store keys in secret management, never in prompts or committed files
  • Rotate keys regularly and immediately after suspected exposure
  • Apply least privilege at account and workspace levels
  • Log tool usage and alert on unusual call patterns
  • Block unnecessary PII in prompt and output layers
  • Retry transient failures with backoff and cap retry attempts

Client-side safeguards

  • Use explicit allow-lists for tool invocation
  • Gate high-risk send operations with user confirmation
  • Surface statusCode, message, hints, and traceId to operators
  • When fbtrace_id exists, include it in support escalations
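
As an added example (not Spur's own code), the wrapper below applies the allow-list, the confirmation gate, and the capped retry with backoff from the checklists above. The tool names, the retryable status codes and the dict-shaped error response are assumptions; the page names only the fields statusCode, message, hints, traceId and fbtrace_id.

```python
import random
import time

# Hypothetical tool names: the page does not list Spur's five operations.
ALLOWED_TOOLS = {"list_conversations", "get_contact", "send_message"}
CONFIRM_REQUIRED = {"send_message"}   # high-risk send operations
RETRYABLE = {429, 502, 503, 504}      # assumed transient status codes
MAX_ATTEMPTS = 4                      # hard cap on attempts per call
OPERATOR_FIELDS = ("statusCode", "message", "hints", "traceId", "fbtrace_id")


class ToolCallBlocked(Exception):
    """Raised before any request is sent: not allow-listed or not confirmed."""


class ToolCallFailed(Exception):
    """Raised after a final failure; .details holds the operator-facing fields."""

    def __init__(self, details):
        super().__init__(str(details))
        self.details = details


def operator_view(error):
    # Keep only the fields the checklist says to surface; fbtrace_id is
    # included when present so it can go into a support escalation.
    return {k: error[k] for k in OPERATOR_FIELDS if k in error}


def guarded_call(transport, tool, args, confirm, sleep=time.sleep):
    """transport(tool, args) -> dict (assumed shape); confirm(tool, args) -> bool."""
    if tool not in ALLOWED_TOOLS:
        raise ToolCallBlocked(f"{tool!r} is not on the allow-list")
    if tool in CONFIRM_REQUIRED and not confirm(tool, args):
        raise ToolCallBlocked(f"{tool!r} was not confirmed by the user")
    for attempt in range(1, MAX_ATTEMPTS + 1):
        result = transport(tool, args)
        status = result.get("statusCode", 200)  # assumed: success may omit it
        if status < 400:
            return result
        if status not in RETRYABLE or attempt == MAX_ATTEMPTS:
            raise ToolCallFailed(operator_view(result))
        # Exponential backoff capped at 8 s, plus a little jitter.
        sleep(min(8.0, 0.5 * 2 ** (attempt - 1)) + random.uniform(0, 0.25))
```

The transport is injected, so the same wrapper can sit in front of whichever MCP client library sends the request to the endpoint.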