{
  "$comment": "OAuth 2.0 Protected Resource Metadata (RFC 9728). The Razorpay REST API primarily uses HTTP Basic Auth with API keys. OAuth bearer tokens are supported when accessing via the Razorpay MCP server (mcp.razorpay.com).",
  "resource": "https://razorpay.com",
  "authorization_servers": [
    "https://mcp.razorpay.com"
  ],
  "bearer_methods_supported": ["header"],
  "scopes_supported": ["read_only"],
  "resource_documentation": "https://razorpay.com/.well-known/api-catalog.json",
  "x-primary-auth": {
    "method": "http_basic",
    "description": "HTTP Basic Auth — key_id as username, key_secret as password (base64-encoded). This is the primary and recommended authentication method for direct REST API access.",
    "key_management_url": "https://dashboard.razorpay.com/app/website-app-settings/business-website-details",
    "agents_reference": "https://razorpay.com/agents.md"
  }
}
