Skip to main content
By the end of this guide, your agent will have its own identity, your users will be able to connect their accounts, and every API call will use fresh, scoped credentials.

How it works

Four steps. Zero long-lived secrets.
1

Register your agent

npx skills add kontext-dev/skills
Your AI coding agent gets the Kontext SDK skill and can create applications, configure integrations, and add credentials to your app. Or set up manually in the dashboard.
2

User connects their accounts

Your app sends the user to a connect page where they link the services your agent needs. Standard OAuth. They connect once.
3

Agent receives scoped credentials

Your server calls kontext.require("github", token) and gets a short-lived access token, scoped to this user and this task.
4

Tokens expire automatically

Each credential your agent receives is short-lived and scoped to the task. When the TTL passes, it’s gone. The user’s connection stays. The secrets don’t linger.

Prerequisites

Choose your path

The fastest way. Install the Kontext skill and let your AI coding agent handle the setup.

1. Install the skill

npx skills add kontext-dev/skills
Auto-detects your AI harness (Claude Code, Cursor, Gemini CLI, etc.) and installs to the right location.

2. Ask your agent

Tell your agent what you need. It can create applications, configure integrations, and wire up credentials through the Management API. For example:
“Add Kontext to my MCP server so it can access GitHub on behalf of users”
“Set up a Kontext application with GitHub and Slack integrations”
The skill covers the full lifecycle: Server SDK (Express + MCP), Client SDK (auth flows), Vercel AI SDK adapter, React hooks, Cloudflare Agents, and Management API.

3. Test it

Once your agent has wired everything up, run your app. The first request that needs credentials will trigger the OAuth connect flow for your user.

Complete example

Get a scoped GitHub credential and use it to call the GitHub API: 
import { Kontext } from "@kontext-dev/js-sdk/server";

const kontext = new Kontext({
  clientId: "app_your-client-id",
  clientSecret: "your-client-secret",
});

// Get a scoped, short-lived GitHub token for this user
const github = await kontext.require("github", {
  userId: "user-123",
});

// Use it like any other token
const res = await fetch("https://api.github.com/user/repos", {
  headers: { Authorization: github.authorization },
});

const repos = await res.json();
console.log(`Found ${repos.length} repos`);
Inside an MCP tool handler, you get the user identity from the auth context instead: 
server.tool("list-repos", async (_params, { authInfo }) => {
  const github = await kontext.require("github", authInfo!.token);

  const res = await fetch("https://api.github.com/user/repos", {
    headers: { Authorization: github.authorization },
  });
  const repos = await res.json();

  return { content: [{ type: "text", text: JSON.stringify(repos) }] };
});

Next steps

Server SDK

Build your own MCP server with Kontext credential brokering.

Client SDK

Deep dive into the client SDK — auth flows, tool execution, and storage.

Framework Guides

Use Kontext with Vercel AI SDK, Cloudflare Agents, or React.