StartUpdated for MCP and REST v1

Authentication

Use scoped `nb_sk_...` API keys for MCP and REST. Create keys in Novabrand and send them only from trusted clients.

API keys

Novabrand programmatic access uses keys in the nb_sk_... format. Keys can include the mcp scope, the api scope, or both. Treat each key like a password: keep it server-side, do not commit it to source control, and rotate it if it is exposed.

Authorization headerbash
Authorization: Bearer nb_sk_your_key_here
ScopeCan callTypical use
mcpPOST /mcpCoding agents and MCP-compatible clients.
api/public/v1/*Server-side API integrations and workflow automation.

Create a key

  1. 1

    Open Novabrand and go to the integrations or API keys area.

  2. 2

    Create a named key and choose the scopes your client needs.

  3. 3

    Store the raw nb_sk_... value immediately. It is not shown again.

  4. 4

    Use the key in the Authorization header for MCP or REST calls.

Choose the right scope

Use the smallest scope that works for the client. An agent that only connects through MCP needs mcp. A server-side workflow that calls /public/v1 needs api. Use both only when the same trusted environment needs both surfaces.

Revocation behavior

Revoking an API key immediately disconnects direct MCP clients, REST API callers, and chat-app connectors that received that key through OAuth.