MCPUpdated for MCP and REST v1

Chat-App OAuth Connectors

Claude, ChatGPT, Cowork, and similar hosted connectors use OAuth 2.1 instead of asking users to paste a static API key.

How the connector signs in

Some hosted chat apps do not ask users to paste a static API key for remote MCP servers. In those clients, Novabrand uses the standard OAuth connector flow: the user signs in, approves access, and the chat app receives a token it can use only for MCP.

  1. 1

    Enter the Novabrand MCP URL in the connector: https://api.novabrand.ai/mcp.

  2. 2

    The chat app discovers the Novabrand sign-in flow automatically.

  3. 3

    Sign in to Novabrand and approve the connector request.

  4. 4

    The connector receives MCP-only access and calls /mcp on your behalf.

  5. 5

    Revoke the connected key in Novabrand if you want to disconnect the chat app.

Discovery endpoints

GET/.well-known/oauth-protected-resourcenone

Protected-resource metadata for MCP OAuth discovery.

GET/.well-known/oauth-protected-resource/mcpnone

Compatibility alias for clients that derive metadata from `/mcp`.

Direct agents can still use API keys

Coding agents and server-side tools that support bearer tokens can connect directly with an mcp-scoped nb_sk_... key. Hosted chat apps should use the OAuth connector flow when their UI asks the user to sign in.