Connected Apps
Manage Screpy API keys, MCP OAuth connections, and connection keys.
Connected Apps is the account-level screen for integrations and credentials that let other tools work with your Screpy data. It lists the MCP address, REST API keys, OAuth connections, and connection keys. Use it as an access-control screen: only keep connections that have a current owner and a clear purpose.
Choose the right connection type
Screpy uses different credentials for different integrations:
| Connection | Use it for |
|---|---|
| REST API key | Server-to-server requests to the Screpy REST API. Choose read-only or read-and-write access deliberately when creating the key. |
| OAuth connection | An MCP or other authorised client acting within the signed-in Screpy account. Review its creation and expiry time, then revoke it when it is no longer needed. |
| Connection key | A named connection credential managed from the same screen. |
Do not try to use an MCP OAuth token as a REST API key, or a REST API key to connect an MCP client.
Before creating a connection, decide what it needs to access. Start with the smallest useful scope: use a dedicated API key for an automation, and connect an MCP client only to the Screpy account that should see its projects and data.
Review and remove access safely
Periodically review the connected app list after team changes, a device replacement, or an automation migration. Revoke a connection you no longer recognize or need. Revoking access stops future requests made with that connection; update the replacement integration before removing a credential that still powers a live workflow.
Never put API keys in browser code, public repositories, screenshots, or shared documents. Store them in a server-side secret manager or environment variable.
Use one key per automation
A separate key for each integration makes it possible to rotate or revoke one workflow without interrupting the others.