Docs › Slima MCP › Get SLIMA_API_TOKEN
Get SLIMA_API_TOKEN
Last updated June 4, 2026 · 4 min read
Local stdio Slima MCP needs an API token — two paths.

Path 1: CLI auth flow (recommended)
Run:
npx slima-mcp@0 auth
What happens:
- Terminal says "Opening browser…"
- Default browser opens Slima sign-in
- Sign in (or if already, see authorize page)
- Click "Authorize"
- Redirect to localhost, browser closes
- Token saved to
~/.slima/credentials.json(chmod 600)
Every slima-mcp client subsequently auto-reads this token.
Path 2: set the token manually
If the CLI auth flow can't open a browser (server / CI / headless box):
- On any machine with a browser, run
npx slima-mcp@0 authonce - Open the saved
~/.slima/credentials.jsonand copy theslima_…value - On the headless machine, set that token directly — as an env var or in config:
# bash / zsh
export SLIMA_API_TOKEN="slima_..."
# or in config
echo '{"slima":{"command":"npx","args":["-y","slima-mcp@0"],"env":{"SLIMA_API_TOKEN":"slima_..."}}}'
Account → Authorized Apps is where you revoke a connection — it has no "create token" button; the token is minted by the
authsign-in above.
Differences
| CLI auth | Manual | |
|---|---|---|
| Where stored | ~/.slima/credentials.json (auto) |
env var / config (you) |
| Security | chmod 600, automatic | depends how you store |
| Best for | Most people | Automation / CI / multi-account |
Can one token serve multiple clients?
Yes — same token across Claude Desktop + Cursor + Gemini works.
But one token per client is recommended — revoking one doesn't affect others.
Related
Was this helpful?