Sleekplan uses different authentication mechanisms depending on what you are integrating with. This page summarizes each and links to the detailed guide.Documentation Index
Fetch the complete documentation index at: https://sleekplan.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Choose your auth method
| Method | Use when | Where the secret lives | Detail page |
|---|---|---|---|
| JWT SSO | Logging your users into the widget, embed, or standalone page | Your server signs tokens with a private key from Settings → Developer | Single Sign-On |
| REST API key | Calling the Sleekplan API from your own backend | API key from Settings → Developer, sent as Authorization: Bearer | API keys |
| MCP OAuth 2.1 | Connecting AI clients (Claude, Cursor, etc.) to your workspace | Issued by Sleekplan during the OAuth flow | MCP Server |
| Webhook secret | Verifying incoming webhook deliveries on your endpoint | You set a ?key= GET parameter when you create the webhook | Webhooks |
Canvas X-Secret | Verifying incoming Canvas requests on your endpoint | You set a secret token when installing the Custom Integration | Custom Integration overview |
Where to find your credentials
Both the JWT SSO private key and the REST API key are available in Settings → Developer at https://app.sleekplan.com/settings/developer.Choosing the right method
- Authenticate a logged-in user in the widget → JWT SSO.
- Read or write Sleekplan data from your own backend → API key.
- Let an AI assistant query Sleekplan in natural language → MCP OAuth.
- React to events happening in Sleekplan → Webhook secret (plus, optionally, an IP allow-list).
- Render custom UI inside the Sleekplan admin → Canvas
X-Secret.