> ## Documentation Index
> Fetch the complete documentation index at: https://api.globalwebindex.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authorization

Spark MCP supports two authentication methods. **Use OAuth 2.0** for LLMs like Claude and ChatGPT. **Use access tokens** only for developer or custom agents.

## Choose your method

* **OAuth 2.0 (recommended)** – Users sign in with their **GWI login** (email/password or SSO). The LLM manages tokens (issue/refresh) automatically—**no manual headers**.
* **Access token (developer/custom agents)** – For headless clients or environments that don’t support OAuth yet.

> **Rule of thumb:** If your LLM supports custom connectors, use **OAuth**. Use a **token** only for custom/automation scenarios.

## OAuth 2.0 (recommended)

Let users connect by signing in with their GWI credentials. The LLM securely stores and refreshes tokens on their behalf.

**High-level flow**

1. **Setup:** Add the **GWI Spark** connector to your LLM (e.g., Claude, ChatGPT, Copilot); this step may require a workspace/admin on that platform.
2. **User:** Select **GWI Spark** in the LLM and click **Connect**.
3. **Sign in:** Redirected to the GWI sign-in page (email/password or SSO), review scopes, click **Allow**.
4. **Done:** Returned to the LLM; tokens are stored and refreshed silently on future calls.

**LLM-specific setup**

* **Claude (Web/Desktop):** [integration-guide](/spark-mcp/integration-guide/claude/custom-connector)
* **ChatGPT (Web/Desktop):** [integration-guide](/spark-mcp/integration-guide/chatgpt/custom-connector)
* **Copilot Studio:** [integration-guide](/spark-mcp/integration-guide/copilot-studio/custom-connector)

**Revocation & expiry**

* **Org level:** Admins can unpublish/remove the connector or end the organization’s Spark MCP access.
* **User level:** Users can revoke access in GWI account settings; they’ll be asked to sign in next time.
* **Refresh:** Handled by the LLM; no action required.

## Access tokens (developer/custom agents)

Use when OAuth isn’t supported (e.g., headless agents, bespoke MCP clients).

**Send the token**

```
Authorization: Bearer <YOUR_ACCESS_TOKEN>
```

* Token scope matches your organization’s configured access.
* **Protect tokens** like credentials; rotate regularly.

## Troubleshooting

* **Connector not visible:** Ask a workspace admin to add/publish **GWI Spark**.
* **Access denied:** Confirm with your GWI contact that your **email/domain** is enabled for your organization.
* **Token errors (developer):** Verify the `Authorization: Bearer` header and that the token hasn’t expired or been revoked.

*For prerequisites and supported surfaces, see* **Getting started → Prerequisites**.