ScrepyDocs

Connected Apps

Manage Screpy API keys, MCP OAuth connections, and connection keys.

Connected Apps is the account-level screen for integrations and credentials that let other tools work with your Screpy data. It lists the MCP address, REST API keys, OAuth connections, and connection keys. Use it as an access-control screen: only keep connections that have a current owner and a clear purpose.

Choose the right connection type

Screpy uses different credentials for different integrations:

ConnectionUse it for
REST API keyServer-to-server requests to the Screpy REST API. Choose read-only or read-and-write access deliberately when creating the key.
OAuth connectionAn MCP or other authorised client acting within the signed-in Screpy account. Review its creation and expiry time, then revoke it when it is no longer needed.
Connection keyA named connection credential managed from the same screen.

Do not try to use an MCP OAuth token as a REST API key, or a REST API key to connect an MCP client.

Before creating a connection, decide what it needs to access. Start with the smallest useful scope: use a dedicated API key for an automation, and connect an MCP client only to the Screpy account that should see its projects and data.

Review and remove access safely

Periodically review the connected app list after team changes, a device replacement, or an automation migration. Revoke a connection you no longer recognize or need. Revoking access stops future requests made with that connection; update the replacement integration before removing a credential that still powers a live workflow.

Never put API keys in browser code, public repositories, screenshots, or shared documents. Store them in a server-side secret manager or environment variable.

Use one key per automation

A separate key for each integration makes it possible to rotate or revoke one workflow without interrupting the others.

On this page