MCP authentication

Navi MCP uses the same local configuration as the CLI. You do not need to manage a second credential set for Claude Desktop.

How authentication works today

Today, the local MCP server can read:
  • NAVI_COOKIE from the environment
  • the saved CLI config at ~/.config/navi/config.json

The most common setup flow is:

    navi auth login --cookie "<your-session-cookie>"
    navi mcp install

What Claude Desktop is actually using

When Claude Desktop launches Navi MCP, the server inherits:
  • your Navi base URL
  • your current session cookie, if one is configured

That means Claude Desktop is acting as you within the scopes available to your current session.
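
A local check of the two credential sources listed under "How authentication works today", as an added example that is not part of the Navi CLI or its documentation: it reports whether NAVI_COOKIE is set and flags the saved config file when anyone other than the owner can access it. It assumes the saved config holds the session cookie; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Navi code). Usage: . ./navi-audit.sh && audit_navi_creds
# Assumption: the saved CLI config contains the session cookie, so it
# should be accessible to its owner only.

# Print the octal permission bits of a file (GNU stat, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_navi_creds [config_path]
# Returns 0 when there is no finding, 1 when the config file is too permissive.
audit_navi_creds() {
    cfg="${1:-$HOME/.config/navi/config.json}"
    rc=0

    # Source 1: the environment variable named on this page.
    if [ -n "${NAVI_COOKIE:-}" ]; then
        echo "env:  NAVI_COOKIE is set in this shell"
    else
        echo "env:  NAVI_COOKIE is not set"
    fi

    # Source 2: the saved CLI config.
    if [ -f "$cfg" ]; then
        mode=$(file_mode "$cfg")
        case "$mode" in
            *00) echo "file: $cfg mode $mode (owner only)" ;;
            *)   echo "file: $cfg mode $mode grants access beyond the owner; fix with: chmod 600 $cfg"
                 rc=1 ;;
        esac
    else
        echo "file: $cfg not found"
    fi
    return $rc
}
```
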

Security boundary

The local MCP server authenticates only to the public Navi API. It does not need direct access to internal services or private infrastructure.

Future credential expansion

Navi already reserves future support for:
  • personal access tokens for human users
  • service API keys for server-to-server integrations

These credentials stay disabled until the public credential service is fully enabled.