Architecture Overview
TengineAI is a hosted MCP execution layer that sits between your AI runtime and the HTTP APIs your model needs to call. You register tools that point at your APIs. TengineAI handles the rest.
System Diagram
┌─────────────────────────────────────────────────────────────────────────┐
│ Your Application │
│ │
│ ┌──────────────┐ mcp_servers=[{ │
│ │ Anthropic SDK│ "url": "https://app.tengine.ai/mcp/", │
│ │ (or Claude │ "authorization_token": "<api_key or tng_mst_>" │
│ │ Desktop) │ }] │
│ └──────┬───────┘ │
└──────────┼──────────────────────────────────────────────────────────────┘
│ HTTPS / MCP protocol
▼
┌─────────────────────────────────────────────────────────────────────────┐
│ TengineAI Execution Layer │
│ │
│ ┌─────────────────┐ ┌──────────────────┐ ┌──────────────────────┐ │
│ │ Auth Middleware │──▶│ MCP Server │◀──│ Tool Registry │ │
│ │ │ │ │ │ │ │
│ │ API Key │ │ - List tools │ │ crm-contacts-lookup │ │
│ │ tng_mst_ token │ │ - Execute tools │ │ billing-invoices-get│ │
│ └─────────────────┘ │ - Return results│ │ analytics-events-...│ │
│ └────────┬─────────┘ │ (any HTTP endpoint) │ │
│ ┌─────────────────┐ │ └──────────────────────┘ │
│ │ Session Store │ │ │
│ │ (per-project │ │ │
│ │ auth context) │ │ │
│ └─────────────────┘ │ │
└─────────────────────────────────┼───────────────────────────────────────┘
│ Authenticated outbound requests
│ (HMAC-signed or Bearer token)
┌────────────────────────┼────────────────────────┐
│ │ │
▼ ▼ ▼
┌───────────────┐ ┌─────────────────┐ ┌──────────────────┐
│ Your CRM │ │ Your Billing │ │ Any Public API │
│ │ │ Service │ │ │
│ POST /lookup │ │ GET /invoice │ │ GET /posts/:id │
└───────────────┘ └─────────────────┘ └──────────────────┘
▲ ▲ ▲
└────────────────── Your APIs ────────────────────┘
Execution Flow
When the model calls a tool, this is the exact sequence:
- Client connects — Your SDK or MCP client sends a request to
https://app.tengine.ai/mcp/with anAuthorization: Bearer <token>header - Authentication — TengineAI validates the token: either a project API key (
tengine_...) or a member session token (tng_mst_...) - Session context established — TengineAI resolves which project, integration, and (if applicable) member this request belongs to
- Tool list served — TengineAI returns only the tools enabled for this project. The model sees nothing outside that scope.
- Tool selected — The model picks the appropriate tool and sends a call with its arguments
- Request rendered — TengineAI renders the URL and body templates, substituting user-provided arguments and reserved variables (
{{member_id}},{{project_id}}) - Identity injected — TengineAI adds
X-Tengine-*headers to the outbound request (project ID, member ID, request ID, timestamp) - Outbound auth applied — TengineAI signs the request with HMAC-SHA256 or adds a bearer token, depending on the tool's
auth_strategy - Your API called — TengineAI sends the authenticated request to your endpoint
- Result returned — Your API's response is passed back to the model as tool output
- Model responds — The model synthesizes the tool output into a final response
Authentication Layers
TengineAI has two distinct authentication concerns — they are completely separate:
| Layer | Direction | Purpose |
|---|---|---|
| Inbound auth | Client → TengineAI | Proves the client is allowed to use this project |
| Outbound auth | TengineAI → Your API | Proves TengineAI is the legitimate caller |
You control inbound auth (API keys or member session tokens). You configure outbound auth per tool (none, bearer token, or HMAC signature).
Two Inbound Auth Modes
API Key mode (project-scoped):
Your code ──[tengine_...]──▶ TengineAI ──▶ Tool executes as project
No member context
User-Scoped mode (member-scoped):
Your backend mints tng_mst_ token per user
Your code ──[tng_mst_...]──▶ TengineAI ──▶ Tool executes as user_123
X-Tengine-Member-Id: user_123
injected into all outbound calls
Key Design Properties
You own the APIs — TengineAI does not provide prebuilt connectors. You register the HTTP endpoints the model should call. This gives you full control over what the model can access and how.
Project isolation — Each project has its own tool list, integrations, and configuration. A token from Project A cannot access tools or data from Project B under any circumstances.
Tool gating — Tools are opt-in per project. A model connected to your project can only discover and execute tools you have explicitly enabled. Disabled tools are invisible.
Secrets never cross the boundary — HMAC secrets and bearer tokens are stored encrypted at rest. They are decrypted in-memory at execution time and never included in any response to the model or client.
Template rendering — URL paths, query parameters, headers, and request bodies are rendered from templates at execution time. Reserved variables ({member_id}, {project_id}) are injected automatically from the authenticated session context.
Next Steps
- Get Started in 5 Minutes — Register a tool and run your first model-invoked API call
- Custom Tools — How to define tools, templates, and authentication
- Authentication — API Keys — Inbound auth for project-scoped access
- Authentication — User-Scoped Sessions — Inbound auth for per-user attribution
- Security Model — How credentials are stored and protected