The Sequel MCP server supports two authentication methods. Both authorize a client to query the data sources your organization has connected — nothing more. This page explains when to use each and how to manage access.
At a glance
| API key | OAuth 2.0 | |
|---|---|---|
| Best for | CLIs & editors (Claude Code, Cursor, VS Code, Windsurf, Zed, Codex, Gemini) | Connector-style clients (ChatGPT, Claude.ai) |
| Setup | Paste a key into the tool's config | Sign in on a consent screen |
| Credential | Static sql_… Bearer token | Short-lived access token, auto-refreshed |
| Revoke | Delete the key | Revoke the authorization |
API keys
API keys are static Bearer tokens you generate once and paste into a tool's MCP config.
Create a key
Go to Settings → API Keys in the Sequel dashboard and create a new key. Give it a descriptive name (e.g. the tool or person it's for).
Copy it immediately
The full key is shown once, at creation. Copy it then — afterward only a short prefix is visible for identification.
Use it as a Bearer token
Add it to your tool's MCP config:
Authorization header
Authorization: Bearer sql_your_api_keyThe sequel_mcp key
When you install Sequel from the dashboard's install dialog, it auto-provisions a key named sequel_mcp and inserts it into the config snippet for you — so you usually don't have to create one by hand.
Keep keys private
A key grants access to your organization's connected data. Don't commit keys to shared repos — give each person or tool its own key, and revoke any key that may have leaked.
OAuth 2.0
For clients that support it, OAuth avoids sharing static keys. Sequel implements standard OAuth 2.0 with PKCE:
The client registers itself
The MCP client registers with Sequel automatically (dynamic client registration) — there's nothing to paste.
You sign in and consent
You're redirected to a Sequel consent screen, sign in, and pick the organization to authorize.
Sequel issues tokens
Sequel returns a short-lived access token (refreshed automatically in the background) scoped to your organization. The client uses it on every request.
To use OAuth, just choose Sequel as an MCP connector in a client that supports it (for example ChatGPT's Connectors or Claude.ai integrations) and follow the sign-in prompt.
Scope & revocation
- Organization-scoped. Every key and OAuth session can only reach the data sources your organization has connected.
- Revoke anytime. Delete an API key, or revoke an OAuth authorization, from the dashboard. Access stops immediately.
- Rotate freely. Issue separate keys per tool or environment so you can revoke one without disrupting the others.