HyperMemory
Mint Starter Kit

Connect

MCP with OAuth

Connect any MCP client to HyperMemory using OAuth authentication with PKCE

MCP with OAuth

This is the recommended connection method. Paste the server URL, verify via OAuth, and you’re connected.

Server URL

https://api.hypermemory.io/mcp

Transport: Streamable HTTP.

How to connect

  1. Paste https://api.hypermemory.io/mcp into your MCP client.
  2. Name the server HyperMemory.
  3. Your client opens a browser window for OAuth verification.
  4. Sign in with GitHub (or another supported provider).
  5. Approve the connection.
  6. The HyperMemory tools are now available to your agent.

No API key management required — tokens refresh in the background.

OAuth details

The server implements OAuth 2.0 Authorization Code with mandatory PKCE (S256):

  • Discovery: GET /.well-known/oauth-authorization-server (RFC 8414) and GET /.well-known/oauth-protected-resource/mcp (RFC 9728)
  • Dynamic registration: POST /register
  • Authorization: GET /authorize → redirects to login (via Supabase — GitHub, Google, or email/password)
  • Token exchange: POST /token exchanges the authorization code + PKCE verifier for access_token and refresh_token
  • Refresh: POST /token with grant_type=refresh_token

Authorization codes are stored in Redis with a 300-second TTL.

Advertised scopes

ScopeDescription
memory:readRead nodes, edges, and graph state
memory:writeCreate and update nodes and edges
memory:adminFull access including administrative operations

Enforcement is via plan limits and API key scope, not per-scope-string gating. All authenticated users have access to the tools their plan allows.

Supported clients

Any MCP client that supports OAuth with PKCE works with this method:

  • Claude Desktop — paste URL, OAuth flow is automatic. See Claude Desktop guide.
  • Claude Codeclaude mcp add hypermemory --transport http https://api.hypermemory.io/mcp. See Claude Code guide.
  • Cursor — paste URL into MCP settings
  • Windsurf — paste URL into MCP settings
  • OpenClaw — add via CLI or MCP config. See OpenClaw guide.
  • n8n — set Server URL in the MCP node. See n8n guide.

Tenant resolution

Your tenant namespace and database are resolved from the JWT app_metadata.tenant_ns and tenant_db fields set by Supabase. Tenants are lazily provisioned on first access — no manual setup is needed.

When to use API key instead

Use MCP with API key if:

  • Your client does not support OAuth (e.g. server-side scripts, CI pipelines)
  • You need a static credential for automation
  • You are integrating via raw HTTP rather than an MCP SDK