Skip to main content
NekoHub supports two authentication methods:
  • JWT login for the browser admin console and user-backed API calls
  • API key for scripts, automation, CI/CD, and MCP

JWT login

The browser admin console signs in with a username and password. The API returns an access token plus a refresh token.

Log in

Real responses are wrapped in data:

Use the access token

Refresh the access token

Token lifetime

The backend signs and validates these tokens. The frontend only stores them and refreshes them when needed.

API key

API keys are for non-interactive clients. They are configured through environment variables and sent as Bearer credentials:
For MCP:

Which method should you use?