Skip to main content

Authentication

The MCP server authenticates with a Brew API key — send it as a bearer token: 
Authorization: Bearer brew_YOUR_API_KEY
Create keys at Settings → API. A request with no / invalid key returns 401.
OAuth-based org + brand authentication is a planned follow-up. Today the MCP server is API key only.

Brand scoping

A Brew API key is brand-scoped — it belongs to exactly one brand and carries that brand’s permission scopes. So the connection URL is clean and the same for every brand: 
https://brew.new/api/mcp
The key in the Authorization header determines the org + brand for every call — there is no brand in the URL. To operate on a different brand, connect with that brand’s key. Find brand details via the get_brand tool or the dashboard.

Safe retries (idempotency)

Every write tool accepts an optional idempotency_key (≤ 100 chars). A repeat call with the same key replays the original result instead of acting twice; the same key with a different payload returns 409 IDEMPOTENCY_CONFLICT. This reuses the API’s Redis reserve/replay, so a key is honored identically across the MCP and HTTP surfaces. Always pass one on send_email — it is fail-closed (refuses with a retryable 503 if dedupe can’t be guaranteed) so a retry never sends a campaign twice.

Errors & observability

Errors surface with an actionable code, message, suggestion, and a request_id you can quote to support. Out-of-credits → INSUFFICIENT_CREDITS. Permission gaps and validation failures each return a distinct code.

Need Help?

Our team is ready to support you at every step of your journey with Brew. Choose the option that works best for you:

Search Documentation

Type in the “Ask any question” search bar at the top left to instantly find relevant documentation pages.

ChatGPT/Claude Integration

Click “Open in ChatGPT” at the top right of any page to analyze documentation with ChatGPT or Claude for deeper insights.