Authentication

The Swoop MCP server supports two authentication methods. Choose the one that fits your workflow.

OAuth 2.0
API keys

Swoop supports OAuth 2.0 with Dynamic Client Registration (DCR).
If your client doesn’t support this, please check the API keys Authentication method.How it works:Most of this flow is handled automatically by the MCP client — you only need to sign in and approve the consent screen.

Your MCP client discovers the authorization server via /.well-known/oauth-authorization-server
A browser window opens for you to sign in with your Swoop account
You review and approve the requested permissions on a consent screen
The client receives an access token and includes it automatically with each request

Best for: Interactive use from desktop AI clients like Claude Desktop and Cursor.

API keys are long-lived tokens that don’t require a browser-based login. They are prefixed with ak_.

Open the Swoop dashboard

Go to app.swoop.it and sign in.

Create an API key

Navigate to your user profile and create a new API key. Copy the key immediately — it won’t be shown again.

Use the key in your client

Configure your MCP client to send the API key as a Bearer token:

Authorization: Bearer ak_your_api_key_here

Treat API keys as secrets. Do not commit them to version control or share them publicly. If a key is compromised, revoke it immediately from the Swoop dashboard.

Best for: Automated workflows, CI/CD pipelines, or environments where OAuth browser flow is not practical.

Getting started

MCP Server

Integrations

Authentication