generate_database_token
Create a new token with specified permissions for a Turso database using the MCP server, enabling secure access and management of database operations.
Instructions
Generate a new token for a specific database
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| database | Yes | Name of the database to generate a token for | |
| permission | No | Permission level for the token |
Implementation Reference
- src/tools/handler.ts:159-181 (registration)MCP tool registration for 'generate_database_token', including inline handler that delegates to organization_client and formats the response
server.tool( { name: 'generate_database_token', description: 'Generate a new token for a specific database', schema: GenerateDatabaseTokenSchema, }, async ({ database, permission = 'full-access' }) => { try { const jwt = await organization_client.generate_database_token( database, permission, ); return create_tool_response({ success: true, database, token: { jwt, permission, database }, message: `Token generated successfully for database '${database}' with '${permission}' permissions`, }); } catch (error) { return create_tool_error_response(error); } }, ); - src/tools/handler.ts:27-30 (schema)Zod schema for validating inputs to the generate_database_token tool: requires database name, optional permission ('full-access' or 'read-only')
const GenerateDatabaseTokenSchema = z.object({ database: z.string().describe('Name of the database to generate a token for'), permission: z.enum(['full-access', 'read-only']).optional().describe('Permission level for the token'), }); - src/clients/organization.ts:198-207 (helper)Wrapper in organization client that dynamically imports token-manager's generate_database_token to avoid circular dependencies
export async function generate_database_token( database_name: string, permission: 'full-access' | 'read-only' = 'full-access', ): Promise<string> { // Import here to avoid circular dependencies const { generate_database_token: generate_token } = await import( './token-manager.js' ); return generate_token(database_name, permission); } - src/clients/token-manager.ts:46-88 (handler)Core implementation of generate_database_token: makes authenticated POST request to Turso API to create a JWT token for the specified database with given permissions
export async function generate_database_token( database_name: string, permission: 'full-access' | 'read-only' = 'full-access', ): Promise<string> { const config = get_config(); const url = `https://api.turso.tech/v1/organizations/${config.TURSO_ORGANIZATION}/databases/${database_name}/auth/tokens`; try { const response = await fetch(url, { method: 'POST', headers: { Authorization: `Bearer ${config.TURSO_API_TOKEN}`, 'Content-Type': 'application/json', }, body: JSON.stringify({ expiration: config.TOKEN_EXPIRATION, permission, }), }); if (!response.ok) { const errorData = await response.json().catch(() => ({})); const errorMessage = errorData.error || response.statusText; throw new TursoApiError( `Failed to generate token for database ${database_name}: ${errorMessage}`, response.status, ); } const data = await response.json(); return data.jwt; } catch (error) { if (error instanceof TursoApiError) { throw error; } throw new TursoApiError( `Failed to generate token for database ${database_name}: ${ (error as Error).message }`, 500, ); } }