OAuth Authentication for MCP

Connecting your AI coding tools to Dash0 just got a lot simpler. Dash0's MCP server now supports OAuth 2.0 authentication, so tools like Claude Code, Cursor, Windsurf, and other MCP-compatible clients can authenticate without requiring you to create and manage static API tokens.

How It Works

When you add Dash0 as an MCP server in your AI tool of choice, the tool will automatically open a browser window where you log in and grant consent — just like connecting any other app. Behind the scenes, Dash0 handles dynamic client registration, token exchange, and automatic refresh. You never touch a token.

For example, in Claude Code

1
claude mcp add --transport http dash0 {{endpoint_mcp}}

That's it. Claude Code will walk you through the OAuth flow on first use.

Why This Matters

No more token management. You don't need to visit the Dash0 UI to create an auth token, copy it into your config, and remember to rotate it.
Short-lived, auto-refreshing tokens. Access tokens expire in 15 minutes and refresh automatically - reducing the blast radius if a token is ever compromised.
Full audit trail. Every OAuth authorization, token exchange, and revocation is tracked in your organization's audit log.
Revocable at any time. You can review and revoke connected applications from your Dash0 settings (User Settings -> Applications).

What You Get

Once connected, your AI tool has access to 20+ MCP tools for querying your observability data - service catalogs, PromQL metrics, logs, traces, synthetic checks, dashboards, and more. All scoped to your user permissions and dataset access.

Traditional Tokens Still Work

If you prefer managing tokens yourself - for CI pipelines, scripts, or automated workflows - bearer token authentication remains fully supported. OAuth is an additional option, not a replacement.