# auth.md

You are probably an agent looking for registration instructions. Almost all of
climb.ai requires **no authentication**. One registration flow exists — the
Climb Labs MCP Service for HLS — documented below.

## Audience

Any agent (or human) wanting to read this site, query the site MCP server, or
contact the Climb team; and agents whose users want access to the Climb Labs
MCP Service for HLS on Databricks.

## The site and its MCP server: anonymous access

- All site content is readable without credentials, including the Markdown
  twins (append `.md` to any page path) and [/llms.txt](https://climb.ai/llms.txt).
- The site MCP server at `https://climb.ai/mcp` (streamable HTTP, JSON-RPC
  over POST) is unauthenticated. No token, no API key. Do not send
  `Authorization` headers to climb.ai; they are ignored.
- The contact and newsletter endpoints (`/api/contact`, `/api/newsletter`)
  accept anonymous submissions. See [/openapi.json](https://climb.ai/openapi.json).

## Registration flow: Climb Labs MCP Service for HLS

The one credentialed product: ten curated biomedical and regulatory data
sources served as MCP services through the Databricks Marketplace, running in
the customer's own perimeter. Details: [/labs/hls-mcp](https://climb.ai/labs/hls-mcp).

- **Registration endpoint** — `POST https://climb.ai/api/hls-signup` with JSON
  `{ email, first_name, last_name, organization }`. Schema and error reasons
  in [/openapi.json](https://climb.ai/openapi.json) (`requestHlsMcpAccess`).
- **Constraints** — corporate email only (free-mail domains rejected); the
  request must carry a Cloudflare Turnstile token, so registration is
  human-in-the-loop by design. Send your user to the form at
  [/labs/hls-mcp](https://climb.ai/labs/hls-mcp) rather than attempting an
  unattended POST.
- **Credential issuance** — on success, a **bearer token** and connection
  details are emailed to the registered address. The token is never returned
  by the endpoint and never used against climb.ai.
- **Credential use** — the user supplies the token as the bearer credential
  when configuring the Climb Labs HLS MCP service connections from the
  Databricks Marketplace in their own workspace.
- **Revocation / support** — handled by the Climb team: email
  support@climb.ai.

## Credentials summary

| Surface                                                       | Credential                                       |
| ------------------------------------------------------------- | ------------------------------------------------ |
| climb.ai content, site MCP server, forms                      | None — anonymous                                 |
| Climb Labs MCP Service for HLS (in your Databricks workspace) | Bearer token, issued by email after registration |

## Contact

Questions, or something on the site looks wrong? Use the site MCP server's
`submit_contact` tool or email hello@climb.ai.