How keys authenticate
Send your key as a bearer token on every API request:Create a key
Name the key
Enter a name that describes where the key will be used — for example, the app or
workflow that will hold it.
Connect to an AI agent (MCP)
The API keys page also shows a Connect to an AI agent (MCP) helper card, and the same helper appears inside the key-created dialog right after you generate a key. Use it to wire up the hosted MCP server without copy-pasting a key by hand. The helper auto-selects the organization’s active API key. If your org has no key yet, opening the helper auto-creates one for you — so every install command and deeplink it produces is already filled in with a working key. Pick the client you use; the card gives you one method per client:| Client | What the helper produces |
|---|---|
| Claude Code | A ready-to-run claude mcp add … --header command. |
| Codex | A ready-to-run codex mcp add … --url command. |
| VS Code | A ready-to-run code --add-mcp command. |
| Cursor | A one-click Add to Cursor deeplink that installs the server in Cursor. |
| Claude Desktop / ChatGPT | The connector URL with ?api_key=… to paste into the client’s “add connector” UI. |
Manage existing keys
Keys are listed in Enabled and Disabled sections. Each card shows:- The name — click to edit it inline.
- The status — enabled or disabled.
- A masked key with a copy button.
- Last used — when the key last made a request.
- Created — when you generated it.
Disable vs. delete
- Disable — toggle a key off to revoke its access immediately without removing it. Re-enable it later to restore access. Use this to rotate or temporarily cut off a key.
- Delete — remove a key permanently. You’re asked to confirm, and you’re warned if the key was used in the last 24 hours, since deleting it will break whatever is still calling the API with it.
Related
Authentication
How bearer authentication works and what an invalid key returns.
Quickstart
Use your new key to make a first authenticated request.