Authentication
Use scoped `nb_sk_...` API keys for MCP and REST. Create keys in Novabrand and send them only from trusted clients.
API keys
Novabrand programmatic access uses keys in the nb_sk_... format. Keys can include the mcp scope, the api scope, or both. Treat each key like a password: keep it server-side, do not commit it to source control, and rotate it if it is exposed.
`Authorization: Bearer nb_sk_your_key_here`

| Scope | Can call | Typical use |
|---|---|---|
| mcp | POST /mcp | Coding agents and MCP-compatible clients. |
| api | /public/v1/* | Server-side API integrations and workflow automation. |
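
The advice above to keep keys out of source control can be enforced with a pre-commit style scan for the `nb_sk_` prefix. This is an added example, not Novabrand code; the key body pattern, the 16-character minimum, the `NOVABRAND_KEY` variable name and the sample files are assumptions made for illustration.

```python
import re

# Assumption: the page documents only the nb_sk_ prefix. The body charset and
# the 16-character minimum are guesses chosen to skip short placeholders.
KEY_RE = re.compile(r"nb_sk_[A-Za-z0-9_\-]{16,}")
# Documentation placeholders that must never be reported as leaks.
PLACEHOLDERS = {"nb_sk_your_key_here"}

def redact(key):
    """Keep the prefix and last 4 characters so findings are safe to log."""
    return "nb_sk_" + "*" * 8 + key[-4:]

def scan_text(name, text):
    """Return (file, line_no, redacted_key) for every likely raw key in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            key = match.group(0)
            if key in PLACEHOLDERS:
                continue
            findings.append((name, line_no, redact(key)))
    return findings

def scan_files(files):
    """files: mapping of path -> content, e.g. the staged files of a commit."""
    results = []
    for name in sorted(files):
        results.extend(scan_text(name, files[name]))
    return results

# Constructed sample input: not real keys, not real project files.
SAMPLE_FILES = {
    "README.md": "Authorization: Bearer nb_sk_your_key_here\nFormat: nb_sk_...\n",
    "deploy/agent.env": "NOVABRAND_KEY=nb_sk_EXAMPLEexample0123456789abcd\n",
    "src/client.py": 'import os\nkey = os.environ["NOVABRAND_KEY"]\n',
}

if __name__ == "__main__":
    for name, line_no, shown in scan_files(SAMPLE_FILES):
        print(f"{name}:{line_no}: possible Novabrand API key {shown}; rotate and remove")
```

A finding means the key should be treated as exposed: rotate it, then remove it from the file and from history.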
Create a key
1. Open Novabrand and go to the integrations or API keys area.
2. Create a named key and choose the scopes your client needs.
3. Store the raw `nb_sk_...` value immediately. It is not shown again.
4. Use the key in the `Authorization` header for MCP or REST calls.
Choose the right scope
Use the smallest scope that works for the client. An agent that only connects through MCP needs mcp. A server-side workflow that calls /public/v1 needs api. Use both only when the same trusted environment needs both surfaces.
Revocation behavior
Revoking an API key immediately disconnects direct MCP clients, REST API callers, and chat-app connectors that received that key through OAuth.
