MCP API Tokens

Create, manage, and secure your MCP API tokens. Tokens provide authenticated access to your AnySlate workspace for AI agents.

Understanding Tokens

What is an MCP Token?

An MCP token is a secure API key that authenticates AI agents (like Claude, Cursor, or Windsurf) to access your AnySlate workspace. Each token can have different permission scopes.

Token Security

Tokens are hashed with SHA-256 before storage. The full token is shown only once, at creation. If you lose it, you'll need to create a new one.

Token Scopes

When creating a token, you can select which scopes to grant. Each scope enables different capabilities:

read (Required)

List files, search files, read file content, view version history. Required for basic MCP functionality.

write (Optional)

Create new files, update file content, edit specific sections, delete files. Required for AI agents to modify your workspace.

search (Optional)

Enhanced search capabilities beyond basic file listing. Enables fuzzy matching and advanced queries.

Token Format

All AnySlate MCP tokens follow this format:

as_mcp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The prefix as_mcp_ identifies this as an AnySlate MCP token. The remaining 40 characters are a secure random string.

Token Best Practices

Use descriptive names

Name tokens after their intended use (e.g., "Claude Desktop", "Cursor Work") to easily identify them later.

Set expiration dates

Always set an expiration date for tokens. This limits exposure if a token is ever compromised.

Grant minimum scopes

Only grant the scopes your AI agent actually needs. If the agent only needs to read files, grant the "read" scope alone.

Never share tokens publicly

MCP tokens provide full access to your workspace. Never commit them to git repositories or share them in chat.
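
One way to enforce the "never commit" rule is a scanner keyed to the token format described above, reporting a SHA-256 fingerprint instead of the secret. This is an added example, not AnySlate code; it assumes the 40 characters after as_mcp_ come from [A-Za-z0-9_-] (the page does not give the alphabet), and the variable name ANYSLATE_TOKEN and the sample token are constructed.

```python
import hashlib
import re

# Assumption: the 40 characters after the prefix are drawn from [A-Za-z0-9_-].
# The page states only the prefix and the length, not the alphabet.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_-])as_mcp_[A-Za-z0-9_-]{40}(?![A-Za-z0-9_-])")
PLACEHOLDER = "as_mcp_" + "x" * 40  # the documentation placeholder, not a secret


def fingerprint(token: str) -> str:
    """Short SHA-256 fingerprint, so a finding can be reported without the token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def scan(text: str, path: str = "<stdin>") -> list[dict]:
    """Return one finding per token-shaped string, never including the token itself."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            token = match.group(0)
            if token == PLACEHOLDER:
                continue  # skip the all-x example string from the docs
            findings.append({"path": path, "line": lineno,
                             "column": match.start() + 1,
                             "fingerprint": fingerprint(token)})
    return findings


def redact(text: str) -> str:
    """Replace each token with its prefix plus a fingerprint, for safe logging."""
    return TOKEN_RE.sub(
        lambda m: m.group(0) if m.group(0) == PLACEHOLDER
        else f"as_mcp_[REDACTED:{fingerprint(m.group(0))}]", text)


# Constructed sample input: the token value and variable name are made up.
SAMPLE_TOKEN = "as_mcp_" + "A1b2C3d4E5" * 4
SAMPLE = "\n".join([
    "# .env for an MCP client (variable name is hypothetical)",
    f"ANYSLATE_TOKEN={SAMPLE_TOKEN}",
    f"# docs placeholder: {PLACEHOLDER}",
    "NOT_A_TOKEN=as_mcp_tooshort",
])

if __name__ == "__main__":
    for f in scan(SAMPLE, ".env"):
        print(f"{f['path']}:{f['line']}:{f['column']} token sha256:{f['fingerprint']}")
    print(redact(SAMPLE))
```

Run from a pre-commit hook over staged file contents, a non-empty result from scan() is the signal to block the commit and rotate the token.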

Managing Tokens

Rotate Tokens

Regularly rotate tokens to maintain security. The rotation feature creates a new token and automatically revokes the old one.

Revoke Tokens

Instantly revoke access by deleting a token. This immediately prevents any AI agent using that token from accessing your workspace.

Audit Logs

View detailed audit logs for each token showing all operations, timestamps, and IP addresses.