Authentication

OpRelay uses stateless OAuth tokens for both MCP and REST API access.

Token format

Tokens are issued through the dashboard and include:

Project scope
Permission level (read-only, read-write, admin)
Expiration (optional)

Using tokens

MCP clients

{
  "mcpServers": {
    "oprelay": {
      "url": "http://localhost:3000/mcp",
      "headers": {
        "Authorization": "Bearer your-token"
      }
    }
  }
}

REST API

curl -H "Authorization: Bearer your-token" \
  http://localhost:3000/api/v1/projects

Token management

Generate, rotate, and revoke tokens from Settings → API Keys in the dashboard.

Token format​

Using tokens​

MCP clients​

REST API​

Token management​

Token format

Using tokens

MCP clients

REST API

Token management