Auth / Scope
Authentication (PAT and OAuth 2.1 DCR), scope (read / write / admin), the destructive-op confirmation model, profile vs scope, and token revocation for the Nyask MCP endpoint.
Two ways to authenticate
Nyask MCP accepts two kinds of token. Both are passed to /mcp in an Authorization: Bearer <token> header.
- PAT (Personal Access Token) — a fixed token you issue in portal. Use it to connect from local tools and scripts.
- OAuth — a token capable clients obtain and refresh automatically. Use it with Claude Desktop / ChatGPT, etc.
PAT (Personal Access Token)
Issue it under portal “Settings → Integrations”. The token starts with nyask_pat_ and is shown in full only in the issuing dialog.
- “Settings” → “Integrations” → “Issue a new token”
- Choose a name and scope (read / write), then issue
- Copy the shown nyask_pat_… immediately (it cannot be shown again)
- If lost, revoke it and issue a new one
OAuth (clients connect automatically)
With a capable MCP client, everything from connecting to signing in is automatic. All you do is press “Allow” on the screen that appears. Internally the client runs the following.
- Find the endpoint — Automatically locates the endpoint and the authorization server.
- Client registration — The client registers itself automatically (no password needed).
- Allow — The portal consent screen opens; you press “Allow.”
- Get a token — In exchange for “Allow,” the client receives a connection token.
- Auto-refresh — Re-fetches the token before it expires (the old one is revoked immediately).
- Revoke — Invalidates a token once it is no longer needed.
How the security works (technical detail)
The authorization code is protected with PKCE (S256), and the token’s audience is pinned to Nyask MCP. An unauthenticated request returns 401, from which a capable client starts sign-in automatically (per RFC 9728 / MCP 2025-11-25).
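The client side of the flow described above, as an added example that is not part of the Nyask documentation or client code: it parses the WWW-Authenticate header of a 401 to find the protected-resource metadata (RFC 9728), generates a PKCE verifier/challenge pair (S256, RFC 7636), builds the authorize request with the resource parameter that pins the token audience, and shows the server-side PKCE and audience checks. All URLs, the client_id and the claims are constructed sample values, not real Nyask endpoints.

```python
import base64
import hashlib
import re
import secrets
from typing import Optional
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed sample 401 header, modelled on RFC 9728 section 5.1 (URL is an assumption).
SAMPLE_WWW_AUTHENTICATE = (
    'Bearer resource_metadata="https://mcp.example.invalid/.well-known/oauth-protected-resource"'
)
# Constructed sample values; none of these are real Nyask identifiers.
SAMPLE_RESOURCE = "https://mcp.example.invalid/mcp"
SAMPLE_AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize"


def resource_metadata_url(www_authenticate: str) -> Optional[str]:
    """Step 'Find the endpoint': a capable client reads resource_metadata from the 401."""
    match = re.search(r'resource_metadata="([^"]+)"', www_authenticate)
    return match.group(1) if match else None


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> tuple:
    """Return (code_verifier, code_challenge) using the S256 method."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, within the 43..128 range
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def pkce_matches(verifier: str, challenge: str) -> bool:
    """Authorization-server side: recompute S256 and compare in constant time."""
    expected = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return secrets.compare_digest(expected, challenge)


def build_authorize_url(authorize_endpoint: str, client_id: str, redirect_uri: str,
                        resource: str, scope: str, challenge: str, state: str) -> str:
    """Step 'Allow': the request that opens the consent screen.

    'resource' (RFC 8707) is what lets the server pin the token's audience to the MCP endpoint.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "resource": resource,
        "scope": scope,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "state": state,
    }
    return authorize_endpoint + "?" + urlencode(params)


def audience_ok(token_claims: dict, expected_resource: str) -> bool:
    """Resource-server side: reject a token whose 'aud' is not this MCP endpoint."""
    aud = token_claims.get("aud")
    if isinstance(aud, str):
        aud = [aud]
    return bool(aud) and expected_resource in aud


def authorize_query_params(url: str) -> dict:
    """Helper for inspecting the built request (first value of each parameter)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
```

The state value must be unpredictable (use secrets.token_urlsafe) and checked on the redirect; the verifier is sent only in the token exchange, never in the authorize request.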
Scope
Scope is the range of tools a token can call (the authorization boundary). Scope is set at PAT issuance, or at consent for OAuth.
| scope | What it can do |
|---|---|
| read | Read only. Never changes data. |
| write | All tools including create / update / delete (and confirmed destructive ops). |
| admin | Reserved. Same as write in v1.0. |
Destructive-op confirmation
Irreversible operations such as deletes (destructive ops) carry a marker, and the MCP client is expected to always ask for confirmation before running them. Each tool’s marker is shown in the MCP Catalog.
Profile vs scope
These are easy to confuse, so to be clear:
- profile (what is shown) — a narrowing of which tools the client displays. A presentation-level filter that reduces mistakes.
- scope (what is allowed) — the tools a token can actually call. This is the security boundary.
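A server-side gate that makes the distinctions in the scope table, the destructive-op confirmation rule and the profile-vs-scope section concrete, as an added example that is not Nyask's own code: scope is enforced on every call, the destructive marker forces an explicit confirmation, and a profile only filters what is listed, so a tool hidden by profile is still callable when the token's scope allows it. The tool names and the catalog are constructed samples.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Tool:
    name: str
    required_scope: str          # "read" or "write"
    destructive: bool = False    # the marker shown in the catalog


# admin is reserved and behaves as write in v1.0, as the scope table states.
SCOPE_RANK = {"read": 0, "write": 1, "admin": 1}

# Constructed sample catalog; these tool names are assumptions, not real Nyask tools.
CATALOG = [
    Tool("list_items", "read"),
    Tool("create_item", "write"),
    Tool("delete_item", "write", destructive=True),
]


class AuthorizationError(Exception):
    """Token scope is below what the tool requires."""


class ConfirmationRequired(Exception):
    """Destructive op invoked without an explicit confirmation."""


def visible_tools(profile: Optional[Set[str]]) -> List[Tool]:
    """Profile: a presentation-level filter over what the client lists. Not a boundary."""
    if profile is None:
        return list(CATALOG)
    return [t for t in CATALOG if t.name in profile]


def authorize_call(tool_name: str, token_scope: str, confirmed: bool = False) -> Tool:
    """Scope: the check that actually decides whether a call may run.

    It deliberately ignores any profile, because hiding a tool is not denying it.
    """
    tool = next((t for t in CATALOG if t.name == tool_name), None)
    if tool is None:
        raise KeyError(f"unknown tool: {tool_name}")
    have = SCOPE_RANK.get(token_scope, -1)      # unknown scope values get no access
    need = SCOPE_RANK[tool.required_scope]
    if have < need:
        raise AuthorizationError(f"{tool_name} needs {tool.required_scope}, token has {token_scope!r}")
    if tool.destructive and not confirmed:
        raise ConfirmationRequired(f"{tool_name} is destructive; confirm before running")
    return tool


def run_with_policy(tool_name: str, token_scope: str, confirmed: bool = False) -> str:
    """Convenience wrapper that reports the outcome as a short status string."""
    try:
        authorize_call(tool_name, token_scope, confirmed)
        return "allowed"
    except AuthorizationError:
        return "denied:scope"
    except ConfirmationRequired:
        return "denied:confirm"
```

The confirmation flag should come from the user's answer to the client's prompt, not from a default; a client that sets it unconditionally defeats the marker.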
Revocation
PATs can be revoked individually, or all at once with “Revoke all PATs,” under portal “Integrations.” OAuth tokens are invalidated by signing out of the client or via the revoke endpoint.
Revoke in bulk via the API (technical detail)
Bulk revocation of all PATs is also available from the API.
```shell
curl -X POST https://api-nyask.vemi.jp/api/me/mcp-tokens/revoke-all \
  -H "Authorization: Bearer <portal_token>"
```