You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(magento): use connection-level Authorization token instead of form field (#518)
Removes apiToken from the configSchema form and StateSchema — users now
set their Magento integration token in the encrypted Token field of the
HTTP connection. resolveCredentials reads MESH_REQUEST_CONTEXT.authorization
(strips Bearer prefix) with MAGENTO_API_TOKEN env var as a local fallback.
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: magento/app.json
+1-7Lines changed: 1 addition & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -13,12 +13,6 @@
13
13
"title": "Base URL",
14
14
"description": "Magento store base URL, e.g. https://loja.granado.com.br (no trailing slash, no /rest)"
15
15
},
16
-
"apiToken": {
17
-
"type": "string",
18
-
"title": "API Token",
19
-
"description": "Magento integration access token (sent as Authorization: Bearer)",
20
-
"format": "password"
21
-
},
22
16
"storeCode": {
23
17
"type": "string",
24
18
"title": "Store Code",
@@ -49,7 +43,7 @@
49
43
}
50
44
}
51
45
},
52
-
"required": ["baseUrl", "apiToken"]
46
+
"required": ["baseUrl"]
53
47
}
54
48
},
55
49
"description": "MCP for Magento 2 REST APIs — live sales dashboard widgets (orders per hour, sales cards, cancellation rate, top products, status breakdown) plus curated tools for orders, catalog, customers, inventory and CMS.",
@@ -94,7 +104,7 @@ export function assertValidCredentials(
94
104
}
95
105
if(!creds.apiToken){
96
106
thrownewError(
97
-
`Magento apiToken is missing${where} — set MESH_REQUEST_CONTEXT.state.apiToken or the MAGENTO_API_TOKEN env var (integration access token).`,
107
+
`Magento apiToken is missing${where} — set the Token field in the MCP connection (Authorization: Bearer) or the MAGENTO_API_TOKEN env var (integration access token).`,
0 commit comments