Skip to content

Replace API token auth with OAuth flow and multi-project support#6

Open
stefanoverna wants to merge 1 commit intomainfrom
feat/oauth-multi-project
Open

Replace API token auth with OAuth flow and multi-project support#6
stefanoverna wants to merge 1 commit intomainfrom
feat/oauth-multi-project

Conversation

@stefanoverna
Copy link
Copy Markdown
Member

@stefanoverna stefanoverna commented Apr 2, 2026

Summary

OAuth authentication (replaces API token)

The DATOCMS_API_TOKEN and DATOCMS_ENVIRONMENT environment variables have been removed. Authentication now uses an OAuth flow.

Three new tools handle authentication:

  • datocms_login — Opens a browser for OAuth authorization, saves credentials to ~/.config/datocms-mpc/credentials.json (chmod 600).
  • datocms_logout — Removes saved credentials.
  • datocms_whoami — Shows the currently authenticated account (name, email, company).

Multi-project support

Every tool that interacts with the DatoCMS API now accepts a project argument (site ID, internal subdomain, *.admin.datocms.com URL, custom domain, or full URL) and an optional environment argument. This means you can work across multiple projects in a single session without restarting the server.

Project resolution searches across the user's personal account and all organizations in parallel.

Breaking changes

  • DATOCMS_API_TOKEN env var is no longer supported. Users must authenticate via datocms_login.
  • DATOCMS_ENVIRONMENT env var is no longer supported. Pass environment as a tool argument instead.
  • All project-scoped tools now require a project argument.

Other changes

  • Replaced manual platform-specific execSync browser opening with the open package.
  • Removed dashboardBaseUrl from credentials — only the standard DatoCMS OAuth endpoint is supported.
  • Improved error messages when a project is found but the user lacks CMA API access.
  • Tools are now always registered (no more conditional registration based on whether an API token was provided).

Test plan

  • Run datocms_login and verify browser opens, credentials are saved
  • Run datocms_whoami and verify account info is returned
  • Run datocms_logout and verify credentials are removed
  • Test project resolution by site ID, subdomain, *.admin.datocms.com URL, and custom domain
  • Test multi-project usage in a single session
  • Verify error message when project is not found suggests asking the user
  • Verify error message when project exists but user lacks CMA API access
  • Test script create/update/execute flow with project argument

@stefanoverna
Replace API token auth with OAuth flow and multi-project support
49b21de 
Remove DATOCMS_API_TOKEN/DATOCMS_ENVIRONMENT env vars in favor of
browser-based OAuth authentication. All tools now accept project
and environment arguments, enabling multi-project workflows in a
single session.
@stefanoverna stefanoverna self-assigned this Apr 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@stefanoverna stefanoverna

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stefanoverna