nebulaonchain.xyz that any HTTP client can call directly, making it ideal for cloud-hosted agents and SaaS integrations. Both modes expose exactly the same set of Nebula tools; the difference is only in how the connection is established and authenticated.
Connection Modes at a Glance
- stdio (Local)
- Remote MCP (HTTP)
The The
@nebula/mcp package runs as a local stdio process. Your AI client (Claude Desktop, Cursor, Claude Code) spawns it directly and communicates over standard input/output. This is the simplest setup for local development and desktop AI clients.Best for: Local agents, Claude Desktop, Cursor, Claude Code, any MCP client that supports stdio servers.NEBULA_TOKEN environment variable is required. NEBULA_HUB is optional and defaults to https://nebulaonchain.xyz.Remote MCP with a Bearer Token
The simplest way to use the remote endpoint is with yournbl_live_… token as a Bearer credential. You get this token from the Connect page of the Nebula dashboard.
Endpoint: POST https://nebulaonchain.xyz/mcp
Required header: Authorization: Bearer nbl_live_…
Here is a complete example using fetch in JavaScript:
curl:
The remote MCP endpoint speaks the same MCP JSON-RPC protocol as the stdio transport. Any library or framework that supports Streamable HTTP MCP will work without modification.
OAuth Dynamic Client Registration (DCR)
For multi-user SaaS platforms where each of your customers needs their own Nebula connection, Nebula supports the OAuth 2.0 Dynamic Client Registration flow. This lets your platform register itself once and then redirect individual users through a standard OAuth authorization screen — no manual token generation per user. The flow has four steps:Discover server metadata
Fetch the OAuth server’s metadata document to get the endpoints you will need:This returns a JSON document with
registration_endpoint, authorization_endpoint, and token_endpoint values.Register your client (Dynamic Client Registration)
Register your application as an OAuth client. You only need to do this once per deployment:The response contains your
client_id and client_secret. Store these securely.Redirect the user to authorize
When a user wants to connect their Nebula account, redirect them to the authorization endpoint:The user logs in to Nebula and grants your application access. Nebula redirects back to your
redirect_uri with a code parameter.Bearer Token vs OAuth: Which Should You Use?
| Scenario | Recommended approach |
|---|---|
| Single agent for your own use | Bearer token (nbl_live_…) from the Connect page |
| Local AI client (Claude Desktop, Cursor) | stdio package with NEBULA_TOKEN env var |
| Cloud-hosted agent you control | Bearer token in server environment variable |
| SaaS platform with multiple end users | OAuth DCR flow — one token per user |
| CI/automation pipeline | Bearer token in secrets manager |