Skip to main content
Every agent that talks to Nebula needs a bearer token — a short string that starts with nbl_live_…. This token tells the Hub which wallet to use, which policy to enforce, and how to attribute transactions in your dashboard. This page explains how to create that token and how to wire it into whichever client you are using.

Getting your token

  1. Sign in at nebulaonchain.xyz.
  2. Go to the Connect page in the sidebar.
  3. Click New Agent, give it a descriptive name, and click Create.
  4. Copy the nbl_live_… token immediately — it is only shown in full once. If you lose it, you can regenerate a new token from the dashboard; the old token will stop working.
Each agent you create gets its own token and its own row in the Approvals and Activity views. Give agents meaningful names like cursor-dev, claude-research, or prod-payment-bot so you can tell them apart in the dashboard.

Connection options

Open ~/Library/Application Support/Claude/claude_desktop_config.json on macOS (or %APPDATA%\Claude\claude_desktop_config.json on Windows). Add the nebula entry inside mcpServers:
claude_desktop_config.json
{
  "mcpServers": {
    "nebula": {
      "command": "npx",
      "args": ["-y", "@nebula/mcp"],
      "env": {
        "NEBULA_TOKEN": "nbl_live_…"
      }
    }
  }
}
Save the file and restart Claude Desktop. Claude will launch @nebula/mcp as a subprocess on startup and keep it running for the session.

Environment variables

VariableRequiredDefaultDescription
NEBULA_TOKENYesYour nbl_live_… bearer token from the Connect page.
NEBULA_HUBNohttps://nebulaonchain.xyzOverride to point at a self-hosted Hub or local development instance (e.g. http://localhost:3000).

Verifying the connection

Once your client is configured, ask your agent:
“Call the Nebula ping tool.”
A successful response looks like:
Nebula is alive
2025-01-15T10:23:45.000Z
You can also ask for your wallet address to confirm the token is mapping to the right wallet:
“What is my Nebula wallet address?”
The agent will call get_address and return your Stellar public key (a G… string).

Security note: token vs secret key

Your NEBULA_TOKEN is a bearer token — it authorises tool calls but has no ability to sign Stellar transactions directly. Signing is always done inside the Hub, after policy checks pass. A Stellar secret key (which starts with S) would give anyone who holds it full, unconstrained control of the wallet. Nebula is designed so you never need to handle one.
Never put a Stellar secret key in your MCP configuration, environment files, or agent prompts. If any integration asks for an S… key, do not use it with Nebula.
If your NEBULA_TOKEN is ever exposed, go to the dashboard immediately, revoke the token, and create a new one. Your wallet funds remain safe because the token alone cannot sign transactions without the Hub’s policy layer.