
API Keys

Create and manage Bearer tokens for external API access

API keys let you authenticate external tools and scripts against the Rock8Cloud API. Keys are scoped to specific permissions and can be revoked at any time.

Access

Go to Settings > API Keys to view, create, and manage your keys.

Create a Key

  1. Click New key
  2. Enter a name (e.g., my-ci-tool, deploy-script)
  3. Select the scopes you want to grant
  4. Click Create

After creation, the key is shown once. Copy it immediately — it will not be shown again.

Keys start with the prefix vhk_ and are sent as a Bearer token in the Authorization header:

Authorization: Bearer vhk_abc123def456...

Scope Limits

You can only grant scopes that are assigned to your membership. Your allowed scopes are shown at the top of the API Keys page.

Manage Keys

Each key shows:

  • Name — the label you chose
  • Hint — the first few characters of the key (vhk_xxx...)
  • Scopes — the permissions granted
  • Created date — when the key was created
  • Last used — the most recent API call using this key

Delete a Key

Click the delete icon next to any key to permanently revoke it. This cannot be undone — any service using the key will immediately lose access.

MCP Servers

The API Keys page also lists MCP Servers — OAuth clients authorized via the Model Context Protocol (e.g., Claude Code, OpenCode). You can remove any authorized client to revoke its access.

For MCP setup instructions, see MCP Integration.

Best Practices

  • Use descriptive names — helps identify which tool or script uses the key
  • Grant minimum scopes — only grant the permissions the tool needs
  • Rotate keys — create a new key, update your tool, then delete the old one
  • Revoke unused keys — regularly audit and remove keys that are no longer needed
  • Never commit keys — don't hardcode API keys in source code or config files committed to version control
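
To enforce the "never commit keys" practice, the following added example (not part of Rock8Cloud's own tooling) scans files for strings shaped like a vhk_ key and reports them with only a redacted hint. The character set and minimum length after the prefix, and the ROCK8_API_KEY variable name in the sample, are assumptions; the page documents only the vhk_ prefix.

```python
import re
import sys

# Assumption: the page only documents the "vhk_" prefix; the character set and
# minimum length of the secret part below are guesses, tune them to real keys.
KEY_RE = re.compile(r"\bvhk_[A-Za-z0-9_-]{8,}")


def hint(key, keep=7):
    """Redact a key to a short hint so the scanner's own output never leaks it."""
    return key[:keep] + "..."


def scan_text(text, path="<stdin>"):
    """Return (path, line_number, hint) for every key-shaped token in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((path, lineno, hint(match.group())))
    return findings


def scan_files(paths):
    """Scan each readable file; unreadable paths are reported and skipped."""
    findings = []
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings.extend(scan_text(fh.read(), path))
        except OSError as exc:
            print(f"skip {path}: {exc}", file=sys.stderr)
    return findings


# Constructed sample input: one hardcoded key, one safe environment lookup.
# ROCK8_API_KEY is a hypothetical variable name.
SAMPLE = '''\
API_KEY = "vhk_abc123def456ghi789"
api_key = os.environ["ROCK8_API_KEY"]
headers = {"Authorization": "Bearer " + api_key}
'''

if __name__ == "__main__":
    args = sys.argv[1:]
    results = scan_files(args) if args else scan_text(SAMPLE, "sample.py")
    for path, lineno, redacted in results:
        print(f"{path}:{lineno}: possible Rock8Cloud API key ({redacted})")
    sys.exit(1 if results else 0)  # non-zero exit lets a pre-commit hook block
```

Run it from a pre-commit hook or CI step with the changed file paths as arguments; a non-zero exit means a key-shaped string was found and the key should be rotated, not just removed from the file.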
