diff --git a/buildgrid/server/instance.py b/buildgrid/server/instance.py
index 0ecaa4dc3d860b6d6a160f5227b4319f1be8b64e..978bf734514159d0bf355a3293f7722c075b66af 100644
--- a/buildgrid/server/instance.py
+++ b/buildgrid/server/instance.py
@@ -26,6 +26,7 @@ import grpc
 from buildgrid._enums import BotStatus, MetricRecordDomain, MetricRecordType
 from buildgrid._protos.buildgrid.v2 import monitoring_pb2
 from buildgrid.server.actioncache.service import ActionCacheService
+from buildgrid.server._authentication import AuthMetadataMethod, AuthMetadataAlgorithm, AuthMetadataServerInterceptor
 from buildgrid.server.bots.service import BotsService
 from buildgrid.server.cas.service import ByteStreamService, ContentAddressableStorageService
 from buildgrid.server.execution.service import ExecutionService
@@ -44,11 +45,21 @@ class BuildGridServer:
 requisite services.
 """
- def __init__(self, max_workers=None, monitor=False):
+ def __init__(self, max_workers=None, monitor=False, auth_method=AuthMetadataMethod.NONE,
+ auth_secret=None, auth_algorithm=AuthMetadataAlgorithm.NONE):
 """Initializes a new :class:`BuildGridServer` instance.
 Args:
 max_workers (int, optional): A pool of max worker threads.
+ monitor (bool, optional): Whether or not to globally activate server
+ monitoring. Defaults to ``False``.
+ auth_method (AuthMetadataMethod, optional): Authentication method to
+ be used for request authorization. Defaults to ``NONE``.
+ auth_secret (str, optional): The secret or key to be used for
+ authorizing request using `auth_method`. Defaults to ``None``.
+ auth_algorithm (AuthMetadataAlgorithm, optional): The crytographic
+ algorithm to be uses in combination with `auth_secret` for
+ authorizing request using `auth_method`. Defaults to ``NONE``.
 """
 self.__logger = logging.getLogger(__name__)
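Review bot: The new `auth_method` docstring entry does not tell an operator what the default means in practice: judging by the later hunk, `AuthMetadataMethod.NONE` installs no auth interceptor at all, so a server built without these arguments does no metadata-based request authentication. I would say so in the `auth_method` entry, for example "With NONE (the default) no request authentication is performed." The `auth_secret` and `auth_algorithm` entries should likewise state whether they are required once `auth_method` is set, which the text leaves open. The same entries carry two typos, `crytographic` for `cryptographic` and `to be uses` for `to be used`. The body of `__init__` continues outside this hunk.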
@@ -56,8 +67,17 @@ class BuildGridServer:
 # Use max_workers default from Python 3.5+
 max_workers = (os.cpu_count() or 1) * 5
+ self.__grpc_auth_interceptor = None
+ if auth_method != AuthMetadataMethod.NONE:
+ self.__grpc_auth_interceptor = AuthMetadataServerInterceptor(
+ method=auth_method , secret=auth_secret , algorithm=auth_algorithm)
 self.__grpc_executor = futures.ThreadPoolExecutor(max_workers)
- self.__grpc_server = grpc.server(self.__grpc_executor)
+
+ if self.__grpc_auth_interceptor is not None:
+ self.__grpc_server = grpc.server(
+ self.__grpc_executor, interceptors=(self.__grpc_auth_interceptor,))
+ else:
+ self.__grpc_server = grpc.server(self.__grpc_executor)
 self.__main_loop = asyncio.get_event_loop()
 self.__monitoring_bus = None
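Review bot: The `if auth_method != AuthMetadataMethod.NONE:` branch builds the interceptor without checking that `auth_secret` and `auth_algorithm` were actually supplied. A caller who enables a method but leaves the defaults (`None` and `AuthMetadataAlgorithm.NONE`) then relies entirely on `AuthMetadataServerInterceptor`, which is not visible here, to refuse that combination. If it does not, the server could start looking protected while checking credentials with no key or no signature algorithm. Unless some method legitimately needs neither, I would fail fast before constructing it: `if auth_secret is None or auth_algorithm == AuthMetadataAlgorithm.NONE: raise ValueError("auth_method requires auth_secret and auth_algorithm")`. It would also help to log a warning on the `else` path so an unauthenticated start-up is visible in the logs; `__init__` begins and continues outside this hunk.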