
Manage Data API

Configure schemas, manage authentication providers, and control API access.

Beta

The Neon Data API is in Beta. Share your feedback on Discord or via the Neon Console.

Once the Data API is enabled, you can customize its behavior, manage how it authenticates users, or disable it entirely if it is no longer needed.

Manage authentication providers

Navigate to the Data API page in your project sidebar and select the Settings tab. The Authentication section lets you configure which authentication provider validates JWT tokens for your API requests.


Neon Auth (Default)

When you enable the Data API with Neon Auth, it appears as the configured provider. This allows the API to trust tokens generated by Neon's authentication system. You can click on the provider dropdown to view details or switch providers.

Add or change providers

You can add, replace, or remove authentication providers. Note that only one provider can be configured at a time.

  • Add a provider: If no provider is currently configured, click Add provider and enter the JWKS URL supplied by your auth service (e.g., Auth0, Clerk, or Firebase). For help finding your provider's JWKS URL, see Custom authentication providers. Some providers also require a JWT Audience value.
  • Replace a provider: To switch to a different provider, remove the current one first, then add the new one using Add provider.
  • Remove a provider: Use the provider dropdown menu to remove the current provider.

warning

Impact of removal: Removing an authentication provider invalidates all tokens issued by that provider. Users relying on that provider will receive 401 Unauthorized errors until they authenticate via a valid provider.

Advanced settings

The Advanced settings section on the Settings tab controls the security, performance, and behavior of your Data API endpoint.

Exposed schemas

Default: public

Defines which PostgreSQL schemas are exposed as REST API endpoints. By default, only the public schema is accessible. If you use other schemas (e.g., api, v1), select them from the drop-down list to add them.

note

Permissions apply: Adding a schema here exposes the endpoints, but the database role used by the API must still have USAGE privileges on the schema and SELECT privileges on the tables. Refer to Access control for Data API for more details.

Anonymous role

Default: anonymous

Specifies the database role used for unauthenticated requests (requests sent without an Authorization header). To allow public access to specific data, configure this role in your database using SQL GRANT statements.
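A least-privilege setup for the anonymous role on a non-default schema, tying together the permissions note under Exposed schemas and the Anonymous role setting. This is an added example, not code from the Neon documentation: the api.articles table and its rows are constructed, and it assumes the anonymous role already exists and that api is selected under Exposed schemas.

```sql
-- Added example. Assumptions: the "anonymous" role already exists, and the
-- "api" schema is selected under Exposed schemas. Table and rows are constructed.
BEGIN;

CREATE SCHEMA IF NOT EXISTS api;
CREATE TABLE api.articles (
    id           bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    title        text NOT NULL,
    body         text NOT NULL,
    author_email text NOT NULL   -- internal column, not meant for public readers
);
INSERT INTO api.articles (title, body, author_email) VALUES
    ('Hello', 'First post',  'alice@example.com'),
    ('Notes', 'Second post', 'bob@example.com');

-- Start from a known state: drop whatever the role already holds in this schema.
REVOKE ALL ON SCHEMA api FROM anonymous;
REVOKE ALL ON ALL TABLES IN SCHEMA api FROM anonymous;

-- USAGE lets the role resolve names inside the schema; it grants no data access.
GRANT USAGE ON SCHEMA api TO anonymous;

-- Column-level SELECT: unauthenticated requests can read content columns only.
GRANT SELECT (id, title, body) ON api.articles TO anonymous;

-- Effective privileges. The has_*_privilege functions also take grants to
-- PUBLIC and role memberships into account, so they show what the role can
-- really do, not only what was granted to it by name.
SELECT
    has_schema_privilege('anonymous', 'api', 'USAGE')                           AS schema_usage,
    has_column_privilege('anonymous', 'api.articles', 'title', 'SELECT')        AS can_read_title,
    has_column_privilege('anonymous', 'api.articles', 'author_email', 'SELECT') AS can_read_email,
    -- With a comma-separated list, the result is true if ANY listed privilege is held.
    has_table_privilege('anonymous', 'api.articles', 'INSERT, UPDATE, DELETE')  AS can_write;

-- Column grants made to the role by name, for review.
SELECT column_name, privilege_type
FROM information_schema.column_privileges
WHERE grantee = 'anonymous'
  AND table_schema = 'api'
  AND table_name = 'articles'
ORDER BY column_name;

-- ROLLBACK keeps this a dry run; use COMMIT instead to keep the table and grants.
ROLLBACK;
```

The same two checks can be pointed at any schema you add under Exposed schemas to review what unauthenticated requests can reach before you save the setting.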

Maximum rows per request

Default: Empty

Enforces a hard limit on the number of rows returned in a single API response. This prevents accidental performance degradation from large queries and unexpected egress costs from large data transfers. Clients should use pagination limits to retrieve data within this threshold.

CORS allowed origins

Default: Empty (Allows all origins)

Controls which web domains are permitted to fetch data from your API via the browser. CORS is enforced by browsers only, so this setting does not restrict requests from other clients.

  • Empty: Allows * (any domain). Useful for development.
  • Production: List your specific domains (e.g., https://myapp.com) to prevent unauthorized websites from querying your API.

OpenAPI specification

Default: Disabled

When enabled, an auto-generated OpenAPI 3 schema describing your tables, columns, and REST endpoints is available at your Data API URL with /openapi.json appended:

https://your-data-api-endpoint/rest/v1/openapi.json

Authentication required

Accessing the OpenAPI spec requires a valid JWT token, just like other Data API requests. Include the Authorization: Bearer header when fetching the spec:

curl -X GET 'https://your-data-api-endpoint/rest/v1/openapi.json' \
  -H 'Authorization: Bearer YOUR_JWT_TOKEN'

You can use the OpenAPI schema to:

  • Import your API into Postman for easier exploration and testing
  • Generate API documentation (Swagger UI, Redoc)
  • Build typed client libraries (TypeScript, Python, Go)
  • Integrate with API gateways and other OpenAPI-based tools

Auth API reference

If you're using Neon Auth, there's also an interactive API reference for authentication endpoints. Navigate to your Auth URL with /reference appended (e.g., https://ep-example.neonauth.us-east-1.aws.neon.tech/neondb/auth/reference). You can use this to create test users, sign in, and obtain JWT tokens for testing. See Testing with Postman or cURL for details.

Server timing headers

Default: Disabled

When enabled, the Data API includes Server-Timing headers in each response. These headers show how long different parts of the request took to process (for example, database execution time and internal processing time). You can use this information to debug slow queries, measure performance, and troubleshoot latency issues in your application.

note

After making changes to any advanced settings, click Save to apply them.

Disable the Data API

If you no longer need HTTP access to your database, you can disable the API entirely.

Scroll to the Disable section at the bottom of the Settings tab and click the Disable button.

Immediate Effect

Disabling the Data API immediately terminates all active connections and blocks all incoming HTTP requests. Any applications, edge functions, or websites relying on the API will stop working instantly.
