Connect a Local Agent (Personal Access Token)

A Personal Access Token (PAT) is how a local agent — an editor, a terminal, Claude Code, or any other MCP client running on your machine — authenticates to the Postnomic MCP server as you. The diagram...

Overview

A Personal Access Token (PAT) is how a local agent — an editor, a terminal, Claude Code, or any other MCP client running on your machine — authenticates to the Postnomic MCP server as you. The diagram below shows the shape of the connection: your agent holds the token, the MCP server forwards it unchanged, and the API runs every tool call exactly as if you had made it yourself.

Personal access token flow: agent to MCP server to API Your agent / CLIMCP client Postnomic MCPmcp.postnomic.com Postnomic APIacts as you Bearer pnp_… forwards token

What a PAT is

A Personal Access Token is a user-scoped credential — it looks like pnp_…, is hashed (SHA-256) before it's stored, and is never shown again after creation. Unlike a blog's API key, a PAT is tied to your account, not to a single blog:

  • It acts as you — whichever blogs you're a member of, and whatever role you hold on each (Admin, Author, etc.), the agent inherits exactly those permissions. It can't do anything you couldn't do yourself in the dashboard.
  • It's revocable at any time from the Access Tokens page, independent of your password or Auth0 login.
  • It is not a login credential — it can't be used to sign in to the WebApp dashboard, only to call the API (directly, or through the MCP server).

Step 1: Mint a token

  1. Sign in to the Postnomic dashboard.
  2. Open Access Tokens from the user menu.
  3. Click Create Token, give it a descriptive name (for example, "Claude Code — laptop"), and confirm.
  4. Copy the pnp_… value shown on screen. This is the only time it's displayed — Postnomic stores only its hash, so if you lose it you'll need to revoke it and create a new one.

Treat the token like a password: don't paste it into chat messages, commit it to a repository, or share it between people. Create a separate token per machine or agent so you can revoke one without affecting the others.

Step 2: Connect Claude Code

Claude Code can register the Postnomic MCP server directly from the command line. Run this once, substituting your own token:

claude mcp add --scope user --transport http postnomic https://mcp.postnomic.com/mcp --header "Authorization: Bearer pnp_..."

This registers the server at user scope, so it's available across every project you open with Claude Code on that machine, and stores the bearer header so each tool call authenticates as you.

Step 3: Connect a generic MCP client

Any MCP client that supports Streamable HTTP servers with custom headers can connect the same way. Most desktop and editor clients read this shape from an .mcp.json file:

{
  "mcpServers": {
    "postnomic": {
      "type": "http",
      "url": "https://mcp.postnomic.com/mcp",
      "headers": { "Authorization": "Bearer pnp_..." }
    }
  }
}

Replace pnp_... with the token you copied in Step 1, and consult your client's documentation for where it expects this configuration to live (some clients merge a project-level .mcp.json with a global one; others only read a global config file).

Security notes

  • Revoke anytime. If a token is exposed, compromised, or simply no longer needed, revoke it immediately from the Access Tokens page — the change takes effect on the next request.
  • The token is forwarded, never logged. The MCP server copies your token's Authorization header onto its own request to the API and does not persist it anywhere; the API itself does not log token values.
  • One token, one blast radius. Because a PAT acts as you across every blog you belong to, prefer one token per machine or agent over sharing a single token everywhere — that way revoking a lost laptop's token doesn't also disconnect your CI pipeline or your other devices.
  • MCP access requires a paid plan. A valid PAT still won't connect a Free-tier account to the MCP server — Free-tier tokens are rejected with an access-denied response. Upgrade to Plus, Pro, or Enterprise to use MCP tools.

Was this article helpful?

Thank you for your feedback!