Skip to main content
Nylio’s MCP endpoint is protected by OAuth 2.1.

Issuer

https://api.nylio.app/api/auth

Resource metadata

These endpoints help MCP clients discover the protected resources and issuer metadata:
  • API resource metadata: https://api.nylio.app/api/public/v1/.well-known/oauth-protected-resource
  • MCP resource metadata: https://api.nylio.app/api/public/v1/mcp/.well-known/oauth-protected-resource
  • Authorization server metadata: https://api.nylio.app/api/auth/.well-known/oauth-authorization-server
  • OpenID configuration: https://api.nylio.app/api/auth/.well-known/openid-configuration
Some OAuth client libraries append /.well-known/ to the issuer path instead of prepending it. These alternate discovery URLs also work:
  • https://api.nylio.app/.well-known/oauth-authorization-server/api/auth
  • https://api.nylio.app/.well-known/openid-configuration/api/auth

Audience

Request access tokens for the MCP audience: 
https://api.nylio.app/api/public/v1/mcp

Scopes

Request the scopes you need:
  • workspace:read
  • document:read
  • document:write
  • search:read

Dynamic client registration

Nylio supports OAuth Dynamic Client Registration. MCP clients can self-register without pre-shared credentials. Dynamically registered clients receive these default scopes:
  • workspace:read
  • document:read
  • document:write
  • search:read

Connection flow

  1. Fetch the MCP resource metadata from https://api.nylio.app/api/public/v1/mcp/.well-known/oauth-protected-resource.
  2. Follow the authorization server metadata link.
  3. Use the returned registration_endpoint to register the client.
  4. Run the OAuth authorization code flow with PKCE for the MCP audience.
If your MCP client supports OAuth discovery and dynamic registration natively, pointing it at the MCP resource metadata endpoint is usually enough.