Connecting to Nue MCP with OAuth

connect nue to your favorite ai client in one click — no api keys to copy, no json to hand edit you sign in the way you already sign in to nue, and the assistant acts as you , with your permissions, your record access, and your security policies when you connect a nue mcp server with oauth , you authorize your ai client (chatgpt, claude, codex, claude code, cursor, and more) to work in nue under your own identity instead of pasting a shared api key into a config file, you click a button, sign in through your browser, and you're connected every quote, order, or pricing action the assistant takes is tied to you — not to an anonymous "mcp" service account this is the recommended way to connect to any nue mcp server oauth is currently available for the customer lifecycle (lcm) mcp only the price builder mcp still connects with a nue api key — see price builder mcp docid\ vmvbd0nkai8uvh0rkvyls for its setup before you start a nue ai license is enabled on your tenant existing tenants don't have it by default — contact your nue account executive see configure nue ai https //docs nue io/ex 7 configure for the salesforce sign in options, your nue tenant is connected to salesforce if it isn't, use the nue email & password option instead the role tied to your login determines which tools and records the assistant can see and change you only ever get what you're already allowed to do in nue why oauth instead of an api key with oauth with a static api key the assistant acts as you — audit logs show your name everyone shares one service account; logs say "mcp" your salesforce sharing, field level security, mfa, and ip policies apply automatically full scope of the key, for everyone who has it short lived tokens , refreshed automatically long lived secret you must rotate by hand one click install in any modern ai client copy paste urls and secrets into config files if your client can't do oauth yet — or you're connecting the price builder mcp — the static api key still works see connect with a static api key docid\ h6afi jeh6817ew0vd13w below choose how you sign in when you connect, nue shows you an authorize mcp access screen pick how you want to sign in — the assistant then uses that identity for every action it takes in your tenant authorize mcp access — choose salesforce production, salesforce sandbox, or nue email & password sign in option when to use it what it honors salesforce — production (recommended) your everyday salesforce connected tenant your org's sso, mfa, and record level sharing salesforce — sandbox qa or staging salesforce orgs ( test salesforce com ) same sso/mfa, against your sandbox org nue email & password a convenient option for users with nue app access — admins, revops, and similar roles your nue login and session you only need to do this once per client and device the assistant reads and writes nue data on your behalf — exactly within your permissions connect for the first time the flow is the same in every client you never edit credentials by hand — the client discovers everything it needs from nue automatically add the nue mcp server to your client (see the per client steps below) run anything that touches nue — e g "list my customers up for renewal " the first call prompts you to connect your browser opens the authorize … to access nue screen pick how you sign in (salesforce production, salesforce sandbox, or nue email & password) and complete the login — including any mfa your org requires this all happens in your browser you'll see "you're connected you can close this tab " back in your client, the action retries automatically and you're working in nue that's it — no keys, no json, no urls to paste into a secrets field use case one nue connector, every ai client because nue's mcp servers follow the open mcp authorization standard, the same one click experience works everywhere — as a custom connector in chatgpt and claude , and in coding agents like codex and claude code connect once per client; the sign in screen, your identity, and your scopes are identical no matter which client you use a few ways teams use this a revops lead in chatgpt or claude adds nue as a custom connector and asks, in plain language, "which accounts are up for renewal next quarter, and what's the arr at risk?" — answered live from nue, under their own access a developer in codex or claude code connects nue alongside their codebase and has the agent pull live pricing or draft a change quote while building an integration — no test api key sitting in a dotfile a sales engineer switches between chatgpt on the web and claude on the desktop — same nue connection model, same permissions, in both chatgpt & claude (custom connector) open your client's settings → connectors and choose add custom connector paste the nue mcp server url and click connect production — https //mcp nue io/mcp sandbox — https //mcp sandbox nue io/mcp authorize in the browser using the sign in screen above codex add the nue mcp server url to your codex mcp configuration (production https //mcp nue io/mcp , sandbox https //mcp sandbox nue io/mcp ) oauth is supported via codex mcp login \<server name> this opens the browser authorize screen; sign in and you're connected claude code claude mcp add transport http nue https //mcp nue io/mcp # production claude mcp add transport http nue https //mcp sandbox nue io/mcp # sandbox run a nue tool, and claude code opens the browser to authorize claude code to access nue sign in, and you're connected same identity, everywhere whichever client you connect from, the assistant acts as the user who signed in — with that user's scopes and audit trail connecting in one client doesn't grant access in another; each device authorizes once reconnect when your session expires sessions are short lived by design when yours expires, your client shows a small "reconnect to nue" prompt click it and sign in again — it's usually faster the second time, because your salesforce session is often still active no reconfiguration needed connect with a static api key (alternative) if your client doesn't support oauth — or you're connecting the price builder mcp , which still uses key based auth — you can connect with a static nue api key header instead the key's nue user role determines which tools and records the connection can access, so provision it with the least privilege role for the job nue environment mcp server endpoint sandbox https //mcp sandbox nue io/mcp production https //mcp nue io/mcp { "mcpservers" { "nue" { "type" "http", "url" "https //mcp nue io/mcp", "headers" { "nue api key" "your nue api key" } } } } for full per client setup and the price builder endpoints, see customer lifecycle mcp docid\ cf8cbhygypd3ozg7ym2gy and price builder mcp docid\ vmvbd0nkai8uvh0rkvyls how your connection stays secure you sign in, nue doesn't store your password salesforce mfa and sso run in your own browser on every fresh authorization short lived, per user tokens are held securely by your client (in the os keychain) — not in a plain text config file your access, your limits the assistant inherits your salesforce record level sharing and field security, and can be scoped narrower than your full nue role everything is auditable to you tool calls are logged against your identity — so it's always clear who did what, not just "mcp " related customer lifecycle mcp docid\ cf8cbhygypd3ozg7ym2gy — subscriptions, quotes, orders, renewals, and billing tools, plus the api key fallback price builder mcp docid\ vmvbd0nkai8uvh0rkvyls — products, pricing rules, bundles, and sku config external mcp servers docid\ tassmkgq9g 37sfc0hzjz — connect your own analytics, call intelligence, and meeting tools so nue's agent can reach the rest of your stack nue mcp servers overview docid\ hoezwahqtpnythyko9bif — what mcp is, the nue mcp catalog, and how the servers fit together