Authentication

Authentication Methods

  • JWT
  • API Key
  • OAuth 2.0 (MCP clients)

MCP OAuth Authentication

ValueMapper MCP supports OAuth 2.0 Authorization Code flow for authenticated tools such as get_account and get_promotions.

In MCP clients that support OAuth prompts:

  1. Connect to https://mcp.valuemapper.app/mcp
  2. Run an authenticated tool
  3. Click Authenticate when prompted
  4. Complete authorization in your browser

If your MCP client does not yet support OAuth prompts, you can still authenticate by adding an Authorization: Bearer <API_TOKEN> header manually.

For full MCP setup and examples, see:

me Schema

The me part of the GraphQL schema is designed for user-specific queries and mutations. It has limited access to the account, as if a single user of the account had logged in to get their personal details and to list the API Tokens that are available for Server-to-Server connections.

This node is authenticated with a JWT, which is obtained through the signIn mutation:

mutation SignIn($data: SignInInput!) {
  signIn(data: $data) {
    success
    token
    user {
      email
    }
  }
}

The signIn.token returned is then used to fetch the account auth tokens for external services:

query GetUsers {
  me {
    accounts {
      name
      active
      authTokens {
        tokenType
        token
      }
    }
  }
}

account Schema

Following on from the above JWT flow, the account root node of the schema is where all the magic really happens.

Using the API token generated from the GetUsers query above, and passing it in as an X-API-Token header, allows full access to the remaining GraphQL schema.

With the API Token in place, we can now make requests to create/change Promotions, generate Redemption Codes, add Connected Services etc.

The API Token represents not a single person, but access to the account from another service, app, program or script.

An example account call would look something like:

query GetPromotion($uuid: String) {
  account {
    id
    promotions(uuid: $uuid) {
      uuid
      name
      active
      promotionType
    }
  }
}
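
The JWT-then-API-token flow described in the me and account sections, as an added Python example (not ValueMapper's own code). It keeps the two credentials on separate requests, skips inactive accounts, and redacts tokens for logging. The endpoint URL, the Authorization: Bearer header for the JWT, the response shape and the sample values are assumptions; only X-API-Token and the query text come from this page.

```python
import json
import urllib.request

# Placeholder: the GraphQL endpoint URL is not given on this page.
GRAPHQL_URL = "https://graphql.example.invalid/graphql"

GET_USERS = "query GetUsers { me { accounts { name active authTokens { tokenType token } } } }"

def build_request(query, variables=None, jwt=None, api_token=None):
    """Build a GraphQL POST carrying exactly one credential type."""
    if jwt and api_token:
        raise ValueError("use the JWT for `me` or the API token for `account`, not both")
    headers = {"Content-Type": "application/json"}
    if jwt:
        # Assumption: the page does not say which header carries the JWT.
        headers["Authorization"] = "Bearer " + jwt
    if api_token:
        headers["X-API-Token"] = api_token  # header named on the page
    body = json.dumps({"query": query, "variables": variables or {}}).encode()
    return urllib.request.Request(GRAPHQL_URL, data=body, headers=headers, method="POST")

def send(request):
    """POST the request and return the decoded JSON body."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

def active_api_tokens(me_response):
    """Return (account name, tokenType, token) for active accounts only."""
    if me_response.get("errors"):
        raise RuntimeError("GraphQL errors: %r" % [e.get("message") for e in me_response["errors"]])
    found = []
    for account in me_response["data"]["me"]["accounts"]:
        if not account.get("active"):
            continue  # choice made in this example: ignore deactivated accounts
        for tok in account.get("authTokens") or []:
            found.append((account["name"], tok["tokenType"], tok["token"]))
    return found

def redact(token):
    """Loggable form of a secret: length and last four characters only."""
    return "<%d chars, ends %s>" % (len(token), token[-4:])

# Constructed sample of a GetUsers response (all values are made up).
SAMPLE_ME = {"data": {"me": {"accounts": [
    {"name": "Shop A", "active": True,
     "authTokens": [{"tokenType": "API", "token": "tok_constructed_1234"}]},
    {"name": "Old Shop", "active": False,
     "authTokens": [{"tokenType": "API", "token": "tok_constructed_9999"}]},
]}}}
```

In real use, pass the result of send(build_request(GET_USERS, jwt=...)) to active_api_tokens, and keep the returned token in a secret store rather than in source or logs.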