Authorization: Bearer pattern as API authentication. Apply the header on the MCP HTTP connection during setup.
Quick answer
| Mode | Use it for |
|---|---|
| No authentication | neus_context, neus_proofs_check, public neus_proofs_get, and verifier catalog reads |
Bearer (npk_*) | neus_me, authenticated neus_proofs_get, profile reads, and account-aware MCP flows |
Authorization header
npk_* when a tool needs your account. Do not use an end user’s browser session for MCP authentication.
What Bearer unlocks
neus_me- authenticated
neus_proofs_get - profile reads
- account-aware MCP flows
neus_verify can complete without an additional signature when your authenticated profile wallet already matches the request walletAddress. See Overview.
Interactive verification flows
Use Hosted Verify when the user needs to complete an interactive step, including:- wallet connection or signing
- passkey authentication
- OAuth login
- social verification
hostedVerifyUrl, send the user to that URL to complete the flow on NEUS.
Common situations
| Situation | What to do |
|---|---|
| User needs passkey, OAuth, or social verification | Open the returned hostedVerifyUrl |
| User has a connected wallet | Use neus_verify with signature, or use the hosted URL when returned |
| IDE or server automation | Use Authorization: Bearer <npk_...> on MCP; direct HTTP uses the same pattern in API authentication |
Security
| Topic | Rule |
|---|---|
| Store keys | Server or IDE MCP configuration only |
| Browser exposure | Never expose personal access keys in browser code |
| Rotation | Re-issue the key from Access Keys if it is exposed |
hostedVerifyUrl | Send the user to the returned NEUS hosted flow |