Authentication
API keys, how to use them, and how to manage them.
All requests to Recordari require an API key. Keys are scoped to your workspace and passed as a Bearer token on every request.
Generating a key
- Sign in at recordar.io
- Go to Dashboard → API Keys
- Click New key, give it a label, and copy the value
The key is shown once. If you lose it, revoke it and generate a new one.
Using your key
Pass it as a Bearer token in every request to api.recordar.io:
Authorization: Bearer YOUR_API_KEY
When you configure an MCP client like Claude Code, this goes in the headers block of your config:
{
"mcpServers": {
"recordari": {
"type": "http",
"url": "https://api.recordar.io/mcp",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}Key types
| Type | What it can do |
|---|---|
workspace | Access to all MCP tools. Use this for agents and CI pipelines. |
org_admin | Manages workspace keys, users, and organisation settings. |
For connecting agents, use a workspace key. org_admin keys are for managing the workspace itself.
How many keys can I have?
| Plan | Keys |
|---|---|
| Free | 1 |
| Pro | 3–5 |
| Team | 10+ |
| Enterprise | Custom |
If you need separate keys for different agents or pipelines, Pro or Team gives you that headroom.
Rotating a key
When you need to rotate:
- Generate a new key from the dashboard
- Update your
.mcp.json(or wherever the key is stored) to use the new value - Revoke the old key from the dashboard
Revocation is immediate - any request using a revoked key gets a 401 response.
Keeping keys safe
A few things worth being deliberate about:
- Don't commit
.mcp.jsonto version control if it contains a live key. Add it to.gitignore. - Use environment variable references if your MCP client supports them.
- Use separate keys for interactive sessions and automated pipelines - it makes revocation much cleaner if something goes wrong.
Revoking a key
Go to Dashboard → API Keys, find the key, and click Revoke. This is permanent - the key cannot be reinstated.