Pular para o conteúdo principal

Authentication

The MCP server authenticates with agent access tokens. A token belongs to one store and carries a set of scopes.

Creating a token

  1. In the Pitaia dashboard, open Connect an agent (pitaia.me/dashboard/agent).
  2. Give the token a name (e.g. My ChatGPT) and click Create token.
  3. Copy the token immediately — it is shown only once. The dialog also offers Copy MCP config, a ready-to-paste client configuration.

New tokens are created with both read and write scopes.

Using the token

Send it as a Bearer token on every request:

Authorization: Bearer YOUR_AGENT_TOKEN

MCP clients configure this as a request header — see the quickstart.

Scopes

ScopeGrants
readAnalytics, product catalog reads, memory search, store goal
writeProduct create/update, memories, theme proposals, charge drafts, reports

The server only registers the tools allowed by the token's scopes: a read-only token never even sees the write tools.

Token lifecycle

  • Tokens don't expire by default; revoke them any time from the same dashboard page (Revoke).
  • The dashboard shows each token's last-used time.
  • Treat tokens like passwords: don't commit them, and revoke any token that may have leaked.