SetFork Docs

API tokens

Personal access tokens for MCP and git — scopes, creation, revocation.

Personal API tokens (sf_…) authenticate everything programmatic: the MCP server and git over HTTPS.

Create a token

  1. Open Settings → API & MCP access.
  2. Press New token, name it, pick a scope and (optionally) an expiry.
  3. Copy the token — it is shown exactly once. Only a SHA-256 hash is stored.

Scopes

ScopeAllows
readMCP search/read, git clone and git pull
writeEverything in read, plus creating/updating lists and git push

Using tokens

  • MCP — HTTP header: Authorization: Bearer sf_…
  • git — the token is the password; username can be anything:
git clone https://anything:[email protected]/you/your-list.git

Hygiene

  • Prefer read scope for agents that only need lookup.
  • Set expiry dates for tokens used in CI or shared environments.
  • Revoke unused tokens on the same settings page — revocation is immediate.
  • Every token action lands in the audit log.

On this page