Generate a new token for a specific database
generate_database_tokenGenerate a new authentication token for any Turso database, choosing between full-access or read-only permissions.
Instructions
Generate a new token for a specific database
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| database | Yes | Name of the database to generate a token for | |
| permission | No | Permission level for the token |
Implementation Reference
- src/tools/handler.ts:159-180 (handler)Handler registration for the 'generate_database_token' MCP tool - defines the tool name, description, schema, and the async handler function that calls organization_client.generate_database_token
server.tool( { name: 'generate_database_token', description: 'Generate a new token for a specific database', schema: GenerateDatabaseTokenSchema, }, async ({ database, permission = 'full-access' }) => { try { const jwt = await organization_client.generate_database_token( database, permission, ); return create_tool_response({ success: true, database, token: { jwt, permission, database }, message: `Token generated successfully for database '${database}' with '${permission}' permissions`, }); } catch (error) { return create_tool_error_response(error); } }, - src/tools/handler.ts:27-30 (schema)Zod schema for input validation of generate_database_token - requires 'database' (string) and optional 'permission' enum (full-access or read-only)
const GenerateDatabaseTokenSchema = z.object({ database: z.string().describe('Name of the database to generate a token for'), permission: z.enum(['full-access', 'read-only']).optional().describe('Permission level for the token'), }); - src/tools/handler.ts:159-164 (registration)Registration of the generate_database_token tool on the MCP server via server.tool()
server.tool( { name: 'generate_database_token', description: 'Generate a new token for a specific database', schema: GenerateDatabaseTokenSchema, }, - src/clients/organization.ts:198-207 (helper)Wrapper function in organization client that re-exports the token-manager's generate_database_token to avoid circular imports
export async function generate_database_token( database_name: string, permission: 'full-access' | 'read-only' = 'full-access', ): Promise<string> { // Import here to avoid circular dependencies const { generate_database_token: generate_token } = await import( './token-manager.js' ); return generate_token(database_name, permission); } - src/clients/token-manager.ts:46-88 (helper)Core implementation - makes a POST request to the Turso API to generate a database auth token with specified permission and expiration
export async function generate_database_token( database_name: string, permission: 'full-access' | 'read-only' = 'full-access', ): Promise<string> { const config = get_config(); const url = `https://api.turso.tech/v1/organizations/${config.TURSO_ORGANIZATION}/databases/${database_name}/auth/tokens`; try { const response = await fetch(url, { method: 'POST', headers: { Authorization: `Bearer ${config.TURSO_API_TOKEN}`, 'Content-Type': 'application/json', }, body: JSON.stringify({ expiration: config.TOKEN_EXPIRATION, permission, }), }); if (!response.ok) { const errorData = await response.json().catch(() => ({})); const errorMessage = errorData.error || response.statusText; throw new TursoApiError( `Failed to generate token for database ${database_name}: ${errorMessage}`, response.status, ); } const data = await response.json(); return data.jwt; } catch (error) { if (error instanceof TursoApiError) { throw error; } throw new TursoApiError( `Failed to generate token for database ${database_name}: ${ (error as Error).message }`, 500, ); } }