# auth.md You are an agent. This service supports agent setup for Krev: discover the MCP server, help the user link a Krev account, install the right connector for the client, then verify that the agent can call Krev tools. Krev gives AI agents ecommerce creative tools: product catalog lookup, Brand DNA, product photos, image edits, reference recreation, Amazon listing images, product video, ad generation, ad-library research, generation status, credits, and read-only campaign performance. ## Service details - Service name: Krev - MCP server: `https://app.krev.ai/mcp` - Public setup page: `https://www.krev.ai/mcp` - Agent quickstart: `https://www.krev.ai/agent-quickstart.md` - Contact: `contact@krev.ai` ## Authentication surfaces Krev supports two client setup paths. | Client | Auth method | What to do | | --- | --- | --- | | ChatGPT connector | OAuth 2.1 + PKCE | Add `https://app.krev.ai/mcp` as a ChatGPT connector. ChatGPT will discover Krev OAuth metadata and ask the user to link their account in the browser. | | Claude Code, Codex, OpenClaw, Hermes, generic MCP clients | Static bearer MCP key | Ask the user to create an MCP key in Krev Settings > Agent Connections. Never print the key back. Install the MCP server with `Authorization: Bearer mcp_live_...`. | ## ChatGPT connector flow 1. In ChatGPT, open Settings > Connectors. 2. Create a connector. 3. Use this connector URL: ```text https://app.krev.ai/mcp ``` 4. ChatGPT discovers Krev's protected-resource metadata: ```text https://app.krev.ai/.well-known/oauth-protected-resource ``` 5. ChatGPT discovers Krev's authorization-server metadata: ```text https://app.krev.ai/.well-known/oauth-authorization-server ``` 6. The user signs in to Krev in the browser, approves the connector, and ChatGPT receives a bearer token for future MCP calls. ## Static MCP key flow If the user is using Claude Code, Codex, OpenClaw, Hermes, or another client that supports bearer headers: 1. Tell the user to create a key in Krev Settings > Agent Connections. 2. The key starts with `mcp_live_`. 3. Do not print the key value back to the user. 4. Install the remote MCP server with: ```text https://app.krev.ai/mcp ``` 5. Send the key as: ```http Authorization: Bearer mcp_live_... ``` ## Scopes Krev MCP keys can expose these scopes: | Scope | What it enables | | --- | --- | | `images` | Product photo generation, image editing, reference recreation, Amazon listing images | | `videos` | Product video generation | | `products` | Catalog lookup and product context | | `credits` | Credit balance and plan-aware generation settings | | `ads` | Ad generation, creative options, ad-library research, read-only campaign performance | ## Safety rules for agents - Never put `mcp_live_...` keys in frontend code. - Never print secret keys back to the user. - Use read-only catalog and research tools before generation when product context is needed. - Generation tools spend the user's Krev credits. - Krev MCP does not publish ads or make campaign changes directly. Treat creative outputs as drafts unless the user explicitly asks for the next step inside Krev.