authentication

Antwork uses OAuth 2.1 with PKCE for authentication. No API keys or client secrets needed — your MCP client handles everything automatically.

how it works

When you connect an MCP client to Antwork, authentication happens automatically via a browser-based consent flow:

1. Add the Antwork MCP server URL to your client
2. On first use, your browser opens automatically
3. Log in to your Antwork account and approve the requested permissions
4. You are connected — the client stores tokens and refreshes them automatically

server url

https://api.antwork.io/mcp

No client ID or client secret is required. Antwork uses dynamic client registration (RFC 7591), so your MCP client registers itself automatically.

scopes

During the consent flow, you will be asked to approve the following permission scopes:

read View your posts, brand DNA, social accounts, and analytics

write Create and edit draft posts

publish Publish and schedule posts to connected social accounts

media Upload images and media files

token lifecycle

Access tokens are valid for 1 hour. Your MCP client automatically refreshes them using a refresh token — no manual intervention needed. If a refresh token expires or is revoked, the browser consent flow will open again.

revoking access

You can revoke any connected MCP client from your workspace settings under Connected Apps. Revoking access immediately invalidates all tokens for that client.

<< previousquickstart next >>claude code