{"id":"authentication","title":"Authentication","description":"Session cookies, personal access tokens (MCP), and tier gating.","url":"https://trefolio.com/api/docs/authentication","content":{"methods":[{"id":"session_cookie","header":"Cookie: trefolio_session=<jwt>","used_by":["Warren MOAT REST","Warren chat","portfolio REST"],"obtain":"Sign in at trefolio.com (OIDC via user.trefolio.com when unified accounts are enabled)."},{"id":"bearer_pat","header":"Authorization: Bearer tfp_pat_<64-hex>","used_by":["MCP /api/mcp/user only"],"obtain":"Mint at user.trefolio.com → Developer, or from trefolio Profile → Devices → AI & MCP access.","claude_desktop_note":"Claude Settings → Connectors → Custom connector asks for OAuth Client ID. trefolio does NOT use OAuth for MCP — use claude_desktop_config.json with type http and Authorization Bearer header instead.","claude_desktop_config_path":"~/Library/Application Support/Claude/claude_desktop_config.json (macOS)"}],"tiers":{"free":"Folio plan — limited AI and MOAT quotas.","pro":"Trefolio plan — higher quotas; MOAT evaluation and Warren AI narrative require Pro for fresh runs."}}}