Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.navisops.com/llms.txt

Use this file to discover all available pages before exploring further.

Every request to the Navis Ops API and MCP server must include a valid bearer token. Navis Ops supports two authentication methods: API keys for straightforward integrations and OAuth 2.1 for clients that handle the authorization flow themselves. Both methods produce a token you pass in the same Authorization header, so the rest of your integration code is identical regardless of which method you choose.

Choosing an authentication method

API Keys

Create a token in Settings and copy it once. Works with any HTTP client or AI assistant. Best when you control the environment and can store the token securely.

OAuth 2.1

Let your client handle the authorization flow automatically. Recommended for AI clients like Claude Desktop and Cursor that natively support MCP OAuth.

When to use each method

API KeysOAuth 2.1
Setup time~30 secondsAutomatic via client
Works with any HTTP clientYesDepends on client support
Token rotationManualAutomatic
Recommended forScripts, CI, manual integrationsClaude Desktop, Cursor, MCP-native clients
RevocationSettings → Connected Apps → RevokeSettings → Connected Apps → Disconnect

Sending a request

Both methods use the same Authorization header format. Include your token as a bearer credential on every request: 
Authorization: Bearer nops_your_token_here
Here is a complete example using curl: 
curl https://<your-supabase-project>.supabase.co/functions/v1/mcp-server-v2 \
  -H "Authorization: Bearer nops_your_token_here" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'
OAuth access tokens use the same header format — replace the nops_ prefixed API key with your OAuth bearer token.

Error responses

If your request fails authentication or authorization, Navis Ops returns one of two error codes:
Your request did not include a token, or the token could not be validated (wrong value, revoked, or expired). Check that the Authorization header is present and that the token value is correct.
{
  "error": "unauthorized",
  "message": "Missing or invalid authorization token."
}
Common causes:
  • The Authorization header is missing entirely
  • The token was revoked in Settings → Connected Apps
  • An OAuth access token expired and was not refreshed
  • The token value has a typo or was truncated at copy time
Your token is valid but does not have the scope required for the operation. Read-only tokens (mcp:read) cannot call write tools.
{
  "error": "forbidden",
  "message": "This operation requires the mcp:write scope."
}
To resolve this: create a new API key with Read + Write enabled, or disconnect and reconnect your OAuth client approving the mcp:write scope.

Next steps

Create an API key

Generate a token from Settings in under a minute.

Set up OAuth 2.1

Use OAuth for clients that support the MCP authorization flow.