API Keys

API keys provide programmatic access to the Octokraft API. Use them to connect MCP servers, CI pipelines, custom scripts, and other integrations.

Creating an API Key

1. Open API Key settings

Go to Settings > API Keys in your project.

2. Create a new key

Click Create API Key.

3. Name the key

Give the key a descriptive name that identifies its purpose, for example “MCP Server”, “CI Pipeline”, or “Metrics Dashboard”.

4. Copy the key

Copy the API key immediately. It will not be shown again. Store it securely.

API keys are displayed only once at creation time. If you lose a key, revoke it and create a new one.

Using API Keys

Include the key in the Authorization header of your HTTP requests:

curl "https://api.octokraft.com/api/v1/projects" \
  -H "Authorization: Bearer YOUR_API_KEY"

All API endpoints that accept API key authentication use the same Bearer token format.

Managing Keys

From Settings > API Keys, you can:
  • View all active keys with their names and last-used dates.
  • Revoke keys that are no longer needed. Revocation is immediate — any request using a revoked key will be rejected.
  • Create project-scoped keys that only have access to a specific project.

Best Practices

Use descriptive names

Name each key after its purpose so you can audit usage later. “CI Pipeline - GitHub Actions” is better than “key-1”.

One key per integration

Use separate keys for MCP, CI, scripts, and other integrations. If one is compromised, you can revoke it without affecting the others.

Revoke unused keys

When a team member leaves or an integration is decommissioned, revoke the associated key immediately.

Never commit keys to source control

Store API keys in environment variables or a secrets manager. Do not hardcode them in configuration files that are checked into version control.
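
One way to follow this practice with the Bearer header shown under Using API Keys (an added example, not Octokraft's own code): the key is read from an environment variable and handed to curl on stdin, so it is neither hardcoded in a file nor visible in the process list. The variable name OCTOKRAFT_API_KEY and the function names are assumptions, as is the rule that keys contain only RFC 6750 b64token characters.

```shell
# Added example. OCTOKRAFT_API_KEY is an assumed variable name,
# not one defined by Octokraft; the function names are hypothetical.

# Print a curl config line carrying the Bearer header.
# Returns 1 if the key is unset or empty, 2 if it contains a character
# outside the RFC 6750 b64token set (assumption: real keys stay inside it).
# Rejecting quotes, whitespace and newlines keeps a malformed value from
# breaking out of the quoted config string or injecting extra options.
octokraft_curl_config() {
  key="${OCTOKRAFT_API_KEY:-}"
  if [ -z "$key" ]; then
    echo "OCTOKRAFT_API_KEY is not set" >&2
    return 1
  fi
  case "$key" in
    *[!A-Za-z0-9._~+/=-]*)
      echo "OCTOKRAFT_API_KEY contains unexpected characters" >&2
      return 2
      ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$key"
}

# GET an API path. The header reaches curl through stdin (--config -),
# so the key never appears in curl's argument list (visible via ps).
# --fail turns HTTP errors, such as a revoked key being rejected,
# into a non-zero exit status that a CI job can act on.
octokraft_get() {
  path="$1"
  config="$(octokraft_curl_config)" || return $?
  printf '%s\n' "$config" |
    curl --silent --show-error --fail --config - \
      "https://api.octokraft.com${path}"
}

# Usage, after the CI secret store or secrets manager has exported the key:
#   octokraft_get /api/v1/projects
```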