API Keys

Create and manage API keys for MCP server authentication

API Key Management

API keys are secure credentials that authenticate your MCP server with Metrifyr. Each key can be configured with granular permissions to control exactly which tools are available.

What Are API Keys?

An API key is a secret token that:

1. Identifies your MCP client to Metrifyr
2. Authenticates requests from the MCP server
3. Controls which tools the MCP server can use
4. Tracks usage and rate limits per key

Example API key: mcp_1a2b3c4d5e6f7g8h9i0j

Creating an API Key

Step 1: Navigate to Dashboard

Go to Dashboard > API Keys and click "Create API Key".

Step 2: Configure Key

Name your key: Use a descriptive name to identify where it's used:

• ✅ "Claude Desktop - MacBook Pro"
• ✅ "Cursor IDE - Work Machine"
• ✅ "Production Server"
• ❌ "key1" (not descriptive)

Select tools to enable:

Choose which tool groups this key can access:

Enable memory (optional):

• Toggle on to allow this key to use AI memory
• Memory items are stored per-key
• Useful for separating production vs development contexts

Step 3: Copy Your Key

After creating, your API key is shown only once. Copy it immediately and store it securely.

⚠️ Important: You cannot view the key again after closing this dialog. If you lose it, you'll need to create a new key.

Using API Keys

In MCP Server Config

Add your API key to the MCP server environment:

Claude Desktop:

{
  "mcpServers": {
    "metrifyr": {
      "command": "npx",
      "args": ["-y", "@metrifyr/mcp-server@latest"],
      "env": {
        "METRIFYR_API_KEY": "mcp_your_key_here"
      }
    }
  }
}

Environment Variable:

export METRIFYR_API_KEY="mcp_your_key_here"

Direct Usage:

const apiKey = process.env.METRIFYR_API_KEY;
// Use in MCP server initialization

Managing API Keys

View All Keys

In Dashboard > API Keys, you'll see a table with:

• Name - Key identifier
• Created - When the key was created
• Last Used - Most recent request timestamp
• Tools - Number of enabled tools (e.g., "45/58 tools")
• Memory - Whether memory is enabled
• Actions - Edit, Revoke

Edit Key Permissions

1. Click on a key name in the table
2. A modal opens showing:
   • Tool group toggles (Analytics, AdSense, etc.)
   • Memory toggle
   • Usage statistics for this key
3. Make changes and click "Save"

Changes take effect immediately - the MCP server will use updated permissions on the next request.

Revoke Keys

When to revoke:

• ❌ You lost your key
• ❌ A device was stolen
• ❌ You no longer use a particular MCP client
• ❌ The key was exposed publicly (e.g., committed to Git)

How to revoke:

1. Find the key in the API Keys table
2. Click "Revoke" button
3. Confirm deletion

The key stops working immediately. Any MCP clients using it will get "401 Unauthorized" errors.

Security Best Practices

✅ Do This

Use descriptive names:

"Claude Desktop - Personal MacBook"
"Cursor IDE - Work Desktop"
"CI/CD Pipeline - GitHub Actions"

Create separate keys for different purposes:

• One key per device
• One key per team member
• One key per environment (dev/staging/prod)

Store keys securely:

• Environment variables
• Secret managers (AWS Secrets Manager, 1Password)
• MCP client config (not in source code)

Rotate keys periodically:

• Create a new key every 3-6 months
• Revoke the old one after updating configs

❌ Don't Do This

Don't commit keys to Git:

# BAD - never do this!
METRIFYR_API_KEY=mcp_abc123...

Don't share keys between users:

• Each person should have their own key
• Sharing makes it impossible to track who did what

Don't use the same key everywhere:

• If one machine is compromised, all are at risk
• Revoking one key shouldn't break everything

Don't hardcode keys in source code:

// BAD
const apiKey = 'mcp_abc123...';

// GOOD
const apiKey = process.env.METRIFYR_API_KEY;

Key Format

Metrifyr API keys follow this format:

mcp_[32 random alphanumeric characters]

Example: mcp_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p

Version prefix:

• mcp_ - Current version

Character set:

• Lowercase letters (a-z)
• Numbers (0-9)
• No special characters

Rate Limits Per Key

Each API key has its own rate limit:

Free tier:

• 1,000 requests per day
• Shared across all keys on your account

Pro tier (coming soon):

• 10,000 requests per day per key
• Isolated limits (each key gets its own quota)

See rate limits reference

Usage Analytics Per Key

View detailed analytics for each key:

Request metrics:

• Total requests (lifetime)
• Requests today/this week/this month
• Success vs error rate

Tool usage:

• Which tools are used most
• Average response time per tool
• Error rates per tool

Time series:

• Daily request chart
• Peak usage times

Access analytics in Dashboard > Usage and filter by API key.

Troubleshooting

"Invalid API key" error

Causes:

• Key was revoked
• Key was typed incorrectly
• Key expired (keys don't expire unless revoked)

Fix:

1. Verify the key in your MCP config matches exactly
2. Check Dashboard > API Keys to see if it's still active
3. If lost, create a new key

"Permission denied" error

Causes:

• Tool is not enabled for this key
• OAuth scope not granted in Google account

Fix:

1. Check which tools are enabled for this key in dashboard
2. Verify you've connected Google and granted the right scopes
3. Try enabling the tool group in key settings

Key not working after creation

Causes:

• MCP client not restarted
• Key not copied correctly (typo)

Fix:

1. Restart your MCP client (Claude Desktop, Cursor, etc.)
2. Double-check the key matches exactly
3. Check MCP client logs for connection errors

See full troubleshooting guide

Next Steps