Skip to main content

Managing Connections

The MCP Connections page in the Waxell dashboard shows every OAuth connection from Claude Desktop, Claude Code, and other MCP clients. From this page you can see which clients are connected, revoke access, and regenerate API keys without asking users to re-authenticate.

Connections are created automatically when an MCP client completes the OAuth flow. You do not create connections manually — see Connect via OAuth for setup instructions.

Accessing the Page

Navigate to Settings > MCP in the Waxell dashboard. The page is available at /settings/mcp-connections.

note

You need the MCP_CONNECTIONS_READ permission to view this page. Without it, you will see a "Permission Denied" message. See Permissions below.

Viewing Connections

Each connection appears as a row in the connections list. The header shows the total number of connections.

FieldDescription
Client nameThe name provided by the MCP client during OAuth registration (e.g., "Claude Desktop"). If the client did not provide a name, this falls back to "MCP Client".
Statusactive (green badge) means the connection is live and the client can make requests. revoked (red badge) means the connection has been terminated.
User emailThe Waxell account that authorized this connection. This is the user who signed in during the OAuth flow.
API key prefixThe first characters of the auto-provisioned API key for this connection (e.g., wax_sk_...). Each connection gets its own dedicated key.
Connected dateWhen the OAuth flow was first completed and the connection was established. Displayed as a formatted date (e.g., "Jan 15, 2026").
Last tokenThe last time an access token was refreshed for this connection. Shows relative time (e.g., "3h ago") or "Never" if no token refresh has occurred since the initial authorization.

Revoked connections remain visible in the list with a red status badge and a "Revoked" date, but they no longer have action buttons.

Revoking a Connection

Revoking a connection permanently disconnects an MCP client and deactivates its API key.

Steps:

  1. Find the connection you want to revoke in the connections list
  2. Click the trash icon on the right side of the connection row
  3. A confirmation dialog appears: "Revoke this MCP connection? The associated API key will be deactivated and the client will need to re-authorize."
  4. Click OK to confirm, or Cancel to abort
caution

Revoking is immediate and cannot be undone. After you revoke a connection:

  • The connection's API key is deactivated instantly
  • The MCP client receives a 401 Unauthorized response on its next request
  • The client must complete the full OAuth flow again to reconnect (browser login, new authorization code, new tokens)
  • A new connection and new API key will be created when the client re-authorizes

Use revoke when a device is lost, a team member leaves, or you need to cut off a specific client immediately.

Regenerating an API Key

Regenerating rotates the API key for a connection without disconnecting the client.

Steps:

  1. Find the active connection whose key you want to rotate
  2. Click the key icon on the right side of the connection row
  3. A confirmation dialog appears: "Regenerate the API key for this connection? The old key will be deactivated immediately."
  4. Click OK to confirm, or Cancel to abort
tip

After regeneration:

  • The old API key is deactivated immediately
  • The connection itself remains active
  • The MCP client automatically receives a new access token on its next refresh cycle (within 1 hour at most)
  • No user action is required -- the client handles the transition transparently

Use regenerate for routine key rotation or if you suspect a key may have been exposed but still trust the device.

Permissions

Access to the MCP Connections page is controlled by two permissions:

PermissionMaps toWhat it allows
MCP_CONNECTIONS_READapi-keys:readView the connections list and all connection details
MCP_CONNECTIONS_REVOKEapi-keys:revokeRevoke connections and regenerate API keys
  • Users with MCP_CONNECTIONS_READ but without MCP_CONNECTIONS_REVOKE can view all connections but will not see the trash or key action buttons.
  • Users without MCP_CONNECTIONS_READ are shown a "Permission Denied" screen when navigating to the page.

Built-in Help

The How to Connect button in the page header opens a help dialog that walks through connecting an MCP client in three steps:

  1. Open Claude Desktop settings and navigate to Developer > Edit Config
  2. Add the MCP server URL as a remote MCP server entry
  3. Authorize in the browser when prompted

The dialog also shows an example claude_desktop_config.json snippet with the correct URL pre-filled.

For the step-by-step connection guide, see Connect via OAuth. For details on the OAuth authorization protocol, see OAuth Flow.