Authentication
The MCP server authenticates with agent access tokens. A token belongs to one store and carries a set of scopes.
Creating a token
- In the Pitaia dashboard, open Connect an agent (pitaia.me/dashboard/agent).
- Give the token a name (e.g.
My ChatGPT) and click Create token. - Copy the token immediately — it is shown only once. The dialog also offers Copy MCP config, a ready-to-paste client configuration.
New tokens are created with both read and write scopes.
Using the token
Send it as a Bearer token on every request:
Authorization: Bearer YOUR_AGENT_TOKEN
MCP clients configure this as a request header — see the quickstart.
Scopes
| Scope | Grants |
|---|---|
read | Analytics, product catalog reads, memory search, store goal |
write | Product create/update, memories, theme proposals, charge drafts, reports |
The server only registers the tools allowed by the token's scopes: a read-only token never even sees the write tools.
Token lifecycle
- Tokens don't expire by default; revoke them any time from the same dashboard page (Revoke).
- The dashboard shows each token's last-used time.
- Treat tokens like passwords: don't commit them, and revoke any token that may have leaked.