API Tokens and External Access

Metapad provides an API that lets external tools and scripts read and modify your models programmatically. Access can be controlled via API tokens or OAuth authentication.

What Are API Tokens?

API tokens (prefixed mpt_...) are credentials that grant external applications access to a specific model. They're used with the MCP (Model Context Protocol) API.

When to Use API Tokens vs OAuth

  • API tokens: Best for scripts, CI/CD pipelines, and automation — where no interactive login is possible
  • OAuth: Best for interactive MCP clients like Claude Desktop and Claude.ai — just log in with your Metapad credentials (see "Connecting MCP via OAuth")

Creating an API Token

  1. Open your model in the workspace
  2. Navigate to the API Tokens Tab in settings
  3. Click Create Token
  4. Give the token a descriptive name (e.g., "CI Pipeline", "Claude Desktop")
  5. Copy the token immediately — it won't be shown again
  6. Store it securely (environment variable, secrets manager)

Using the Token

The token is used as a Bearer token in API requests:

Authorization: Bearer mpt_your_token_here

The MCP API endpoint is: POST /mcp/{model_id}
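
The storage and usage steps above, as an added example (not Metapad's own code): the token is read from an environment variable, checked for the mpt_ prefix, attached as a Bearer header to POST /mcp/{model_id}, and redacted before logging. The variable name METAPAD_TOKEN, the host metapad.example, the model id and the JSON-RPC body are assumptions; the page does not specify them.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_ENV = "METAPAD_TOKEN"            # assumed variable name, not from the docs
BASE_URL = "https://metapad.example"   # placeholder host; use your own base URL


def load_token(env=os.environ):
    """Read the token from the environment and check the documented mpt_ prefix."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token.startswith("mpt_"):
        raise ValueError(f"{TOKEN_ENV} is unset or does not hold an mpt_ token")
    return token


def redact(token):
    """Log-safe form of a token: the prefix plus the last four characters."""
    return "mpt_..." + token[-4:]


def build_request(model_id, token, payload, base_url=BASE_URL):
    """Build POST /mcp/{model_id} carrying the token as a Bearer credential."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-TLS URL")
    path_id = urllib.parse.quote(model_id, safe="")  # keep the id inside one path segment
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/mcp/{path_id}",
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed environment for the demo; a real script calls load_token() bare.
    tok = load_token({TOKEN_ENV: "mpt_constructed_demo_0000"})
    # Assumed body: a generic MCP JSON-RPC call, not taken from the Metapad docs.
    body = {"jsonrpc": "2.0", "id": 1, "method": "tools/list"}
    req = build_request("MODEL_ID_PLACEHOLDER", tok, body)
    print(req.get_method(), req.full_url, "token:", redact(tok))
    # urllib.request.urlopen(req, timeout=10) would send the request.
```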

Managing Tokens

  • View active tokens in the API Tokens Tab
  • Revoke tokens you no longer need
  • Each token has a name and creation date for tracking

Requirements

  • API access requires a Pro plan or higher
  • Tokens are scoped to a specific model
  • All mutations made via API tokens flow through the collaboration system, so browser users see changes in real time

Security Tips

  • Never commit tokens to code repositories or share them in public channels
  • Rotate tokens periodically
  • Revoke tokens when they're no longer needed
  • Use descriptive names so you know which integration each token belongs to