Skip to main content
API keys are the fastest way to authenticate with Navis Ops. You create one in Settings, copy it once, and use it as a bearer token in every request. API keys work with any HTTP client, any AI assistant, and any language — no OAuth flow required. The token starts with nops_ so you can identify it easily in configuration files and logs.

Creating an API key

1

Open Connected Apps

In the Navis Ops sidebar, click Settings, then navigate to Connected Apps.
2

Create a new key

Click Create API key. Give the key a descriptive name — for example, “Claude Desktop” or “CI pipeline” — so you know what it is for when you need to revoke it later.
3

Pick a scope

Choose the level of access the key needs:
ScopeLabel in UIWhat it grants
mcp:readReadRead access to all workspace data
mcp:writeRead + WriteRead access plus the ability to create, update, and delete data
mcp:write implies mcp:read. There is no per-tool access control — a write-scoped key grants every write operation. If you want a key that can only read data, choose Read.
4

Set an expiration (optional)

You can set an expiration date at creation time. API keys do not expire by default — they stay active until you revoke them. Set an expiration if you want the key to stop working automatically after a certain date.
5

Copy the token immediately

Click Create. Navis Ops shows the full token exactly once. Copy it now — it starts with nops_ and will not be shown again.
If you lose an API key, you cannot retrieve it. Revoke the existing key and create a new one.

Using an API key in requests

Pass the token in the Authorization header as a bearer credential on every request:
Authorization: Bearer nops_your_token_here

Example: calling the MCP server

curl https://<your-supabase-project>.supabase.co/functions/v1/mcp-server-v2 \
  -H "Authorization: Bearer nops_your_token_here" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/list",
    "params": {}
  }'

Example: AI client configuration

Most AI clients accept a static header for MCP server authentication. The exact configuration format varies by client — check your client’s documentation for its MCP config file syntax. The key fields are always:
  • Server URL: https://<your-supabase-project>.supabase.co/functions/v1/mcp-server-v2
  • Authorization header: Bearer nops_your_token_here
{
  "mcpServers": {
    "navis-ops": {
      "url": "https://<your-supabase-project>.supabase.co/functions/v1/mcp-server-v2",
      "headers": {
        "Authorization": "Bearer nops_your_token_here"
      }
    }
  }
}

Managing API keys

Viewing active keys

All your active API keys appear in Settings → Connected Apps. Each row shows the key name, scope, creation date, expiration date (if set), and the last time the key was used.

Revoking a key

To revoke a key, click Revoke next to it in Settings → Connected Apps. Revocation is immediate — the next request using that key returns a 401 Unauthorized response.
Use separate API keys for each client or integration. That way, if you need to revoke one, you do not affect the others.

Best practices

  • One key per client. Create a separate key for each AI assistant, script, or integration. This makes it easy to revoke access for one client without disrupting others.
  • Use read-only scope when possible. If your integration only needs to read data, create a mcp:read key. Reserve mcp:write keys for integrations that need to create or modify workspace data.
  • Set an expiration for temporary use. If you’re creating a key for a short-lived script or test, set an expiration date so the key automatically becomes inactive when you no longer need it.
  • Store keys as environment variables. Never hard-code an API key in source code. Use environment variables or a secrets manager.
  • Revoke keys you no longer use. Inactive keys still grant access. Revoke them when the integration is retired.