> ## Documentation Index
> Fetch the complete documentation index at: https://sleekplan.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication overview

> Sleekplan supports four authentication mechanisms — JWT SSO for users, API keys for the REST API, OAuth for MCP clients, and secret tokens for webhooks and Canvas

Sleekplan uses different authentication mechanisms depending on what you are integrating with. This page summarizes each and links to the detailed guide.

## Choose your auth method

| Method                | Use when                                                       | Where the secret lives                                                    | Detail page                                      |
| --------------------- | -------------------------------------------------------------- | ------------------------------------------------------------------------- | ------------------------------------------------ |
| **JWT SSO**           | Logging your users into the widget, embed, or standalone page  | Your server signs tokens with a private key from **Settings → Developer** | [Single Sign-On](/authentication/single-sign-on) |
| **REST API key**      | Calling the Sleekplan API from your own backend                | API key from **Settings → Developer**, sent as `Authorization: Bearer`    | [API keys](/authentication/api-keys)             |
| **MCP OAuth 2.1**     | Connecting AI clients (Claude, Cursor, etc.) to your workspace | Issued by Sleekplan during the OAuth flow                                 | [MCP Server](/mcp-server)                        |
| **Webhook secret**    | Verifying incoming webhook deliveries on your endpoint         | You set a `?key=` GET parameter when you create the webhook               | [Webhooks](/webhooks)                            |
| **Canvas `X-Secret`** | Verifying incoming Canvas requests on your endpoint            | You set a secret token when installing the Custom Integration             | [Custom Integration overview](/canvas/overview)  |

## Where to find your credentials

Both the JWT SSO private key and the REST API key are available in **Settings → Developer** at [https://app.sleekplan.com/settings/developer](https://app.sleekplan.com/settings/developer).

<Warning>
  Treat both secrets like passwords. Never commit them to source control, expose them in client-side code, or share them in public channels.
</Warning>

## Choosing the right method

* Authenticate a logged-in user in the widget → **JWT SSO**.
* Read or write Sleekplan data from your own backend → **API key**.
* Let an AI assistant query Sleekplan in natural language → **MCP OAuth**.
* React to events happening in Sleekplan → **Webhook secret** (plus, optionally, an IP allow-list).
* Render custom UI inside the Sleekplan admin → **Canvas `X-Secret`**.
