Authentication
How to authenticate API requests to Conexor
Authentication Methods
JWT Bearer Token
Server-to-server authentication. Best for automated systems.
```bash
curl -X POST https://app.conexor.io/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","password":"your_password"}'
```
API Key
Server-to-server authentication. Best for automated systems.
```bash
# MCP endpoint
curl -X POST https://app.conexor.io/mcp/acme/sales-api \
  -H "X-API-Key: mcp_xxxxx"

# Agent endpoint
curl -X POST https://app.conexor.io/api/plugins/register \
  -H "X-API-Key: pk_live_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{"name":"My Agent"}'
```
OAuth 2.0
User-facing applications. Requires user consent. Best for Claude Desktop.
```bash
# Request
curl -X POST https://app.conexor.io/api/oauth/token \
  -d "grant_type=client_credentials" \
  -d "client_id=client_xxxxx" \
  -d "client_secret=secret_xxxxx" \
  -d "scope=mcp:tools:read mcp:tools:execute"
```
Supported Flows
Client Credentials
Server-to-server authentication. Best for automated systems.
Authorization Code + PKCE
User-facing applications. Requires user consent. Best for Claude Desktop.
Using with Claude Desktop
Configure your claude_desktop_config.json to use Conexor OAuth for MCP servers.
```json
{
  "mcpServers": {
    "conexor-sales": {
      "url": "https://app.conexor.io/mcp/acme/sales-api",
      "oauth": {
        "clientId": "client_xxxxx",
        "clientSecret": "secret_xxxxx",
        "scopes": ["mcp:tools:read", "mcp:tools:execute"]
      }
    }
  }
}
```
Token Endpoint
```text
POST /api/oauth/token
Content-Type: application/x-www-form-urlencoded

# Client Credentials
grant_type=client_credentials&client_id=xxx&client_secret=xxx&scope=xxx

# Authorization Code
grant_type=authorization_code&code=xxx&code_verifier=xxx&client_id=xxx&redirect_uri=xxx

# Response
{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "mcp:tools:read mcp:tools:execute"
}
```
Available Scopes
| Scope | Description |
|---|---|
| mcp:tools:read | List available tools |
| mcp:tools:execute | Execute tools (query data) |
| mcp:resources:read | Read resources (skills) |
| mcp:server:read | Read server info |
| mcp:server:manage | Manage server (OAuth clients) |
INFO: Tokens expire after 60 minutes. Refreshed tokens can be obtained using the refresh token returned at login.
Error Handling
```json
// 401 Unauthorized
{
  "error": "Unauthorized",
  "message": "Invalid or expired token",
  "statusCode": 401
}

// 403 Forbidden
{
  "error": "Forbidden",
  "message": "Insufficient permissions",
  "statusCode": 403
}

// 402 Payment Required
{
  "error": "Payment Required",
  "message": "Query limit exceeded. Please upgrade your plan.",
  "statusCode": 402
}
```
NOTE: When limits are exceeded, requests return 402 Payment Required. Requests within the burst limit still count against the quota.
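The following is an added example, not Conexor's own code, of how a server-side client might combine the token lifetime from the Token Endpoint section with the error responses above: it caches the client-credentials token, refreshes it shortly before `expires_in` elapses, retries once on 401, and treats 402 and 403 as terminal. The names `TokenCache`, `call_api` and `post_form`, the 60-second refresh margin, and the granted-scope check are assumptions made for illustration; the client ID and secret are passed in by the caller so they can come from a secret store instead of source code.

```python
import json, time, urllib.error, urllib.parse, urllib.request

TOKEN_URL = "https://app.conexor.io/api/oauth/token"  # endpoint from this page

def post_form(url, fields):
    """Default transport: form-encoded POST, returns (status, parsed JSON body)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")

class TokenCache:
    """Caches one client-credentials token; refreshes `skew` seconds before expiry."""
    def __init__(self, client_id, client_secret, scope,
                 post=post_form, clock=time.time, skew=60):
        self._fields = {"grant_type": "client_credentials", "client_id": client_id,
                        "client_secret": client_secret, "scope": scope}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self, force=False):
        if force or self._token is None or self._clock() >= self._expires_at - self._skew:
            status, body = self._post(TOKEN_URL, self._fields)
            if status != 200:
                raise PermissionError(f"token request failed: {status} {body.get('message')}")
            # Assumption: the server may grant fewer scopes than requested; fail early if so.
            granted = body.get("scope", self._fields["scope"]).split()
            missing = set(self._fields["scope"].split()) - set(granted)
            if missing:
                raise PermissionError(f"scopes not granted: {sorted(missing)}")
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"])
        return self._token

def call_api(cache, send):
    """send(token) -> (status, body). 401: refresh once and retry. 402/403: never retry."""
    status, body = send(cache.token())
    if status == 401:  # "Invalid or expired token"
        status, body = send(cache.token(force=True))
    if status in (401, 402, 403):
        raise PermissionError(f"{status}: {body.get('message')}")
    return body
```

`send` is whatever function performs the actual request with the bearer token; retrying a 402 or 403 only consumes quota, since a fresh token changes neither the plan limit nor the granted permissions.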