Security & API Keys

Secure authentication and scoped permissions for your data. Your knowledge stays private and protected.

[Screenshot: API Keys dashboard showing the list of API keys with create and revoke options]

API Key Authentication

ContextForge uses API keys to authenticate MCP clients. Each key is securely hashed using SHA-256 before storage.

Key Format

cf_live_xxxxxxxxxxxxxxxxxxxxxxxx

The prefix identifies the key type (live/test).

Storage

Keys are hashed (SHA-256) before storage. We never store plaintext keys.

Creating API Keys

Generate API keys from the dashboard or via the API.

  1. Go to Settings

     Navigate to Dashboard → Settings → API Keys

  2. Click "Create New Key"

     Enter a descriptive name for the key

  3. Copy your key immediately

     The full key is only shown once. Store it securely.

Important: You will only see the full API key once when it's created. Make sure to copy and store it in a secure location like a password manager or environment variable.

Key Scopes

API keys can have different permission levels.

Scope    Permissions
read     Query, list spaces, view items
write    Ingest, update, delete items
admin    Manage spaces, snapshots, git repos
*        All permissions (default)

Using API Keys

In MCP Client

# Set as environment variable:

export CONTEXTFORGE_API_KEY="cf_live_your_key_here"

# Or in claude_desktop_config.json:
{
  "mcpServers": {
    "contextforge": {
      "command": "contextforge-mcp",
      "env": {
        "CONTEXTFORGE_API_KEY": "your-api-key-here",
        "CONTEXTFORGE_API_URL": "https://your-project-ref.supabase.co"
      }
    }
  }
}

In REST API

# Pass in Authorization header:

curl -X POST https://your-project.supabase.co/functions/v1/query \
  -H "Authorization: Bearer cf_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"query": "authentication patterns"}'

Revoking Keys

If a key is compromised, revoke it immediately from the dashboard.

  1. Go to Dashboard → Settings → API Keys
  2. Find the compromised key
  3. Click "Revoke" - this is immediate and cannot be undone
  4. Create a new key to restore access

Data Security

Encryption at Rest

All data is encrypted using AES-256 in Supabase

Encryption in Transit

All connections use TLS 1.3

Row-Level Security

PostgreSQL RLS ensures data isolation

SOC 2 Compliant

Infrastructure hosted on SOC 2 certified providers

Best Practices

  • Use environment variables

    Never hardcode API keys in your configuration files

  • One key per environment

    Use separate keys for development, staging, and production

  • Rotate keys regularly

    Create new keys and revoke old ones periodically

  • Use minimum required scopes

    Only grant the permissions each key actually needs

  • Monitor key usage

    Check last_used_at to identify unused or suspicious keys
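The server-side half of what this page describes, tying together the key format, the SHA-256-before-storage rule, the scope table, the Bearer header from the REST example, immediate revocation and the last_used_at field used for monitoring. This is an added illustration written for this page, not ContextForge's own code; it assumes 24 hex characters after the cf_live_/cf_test_ prefix and that no scope implies another (only "*" grants everything).

```python
from __future__ import annotations
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone

SCOPES = {"read", "write", "admin", "*"}   # scopes from the table above; "*" grants all

def digest(token: str) -> str:
    """SHA-256 of the full key; this, not the key itself, is what gets stored."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

@dataclass
class StoredKey:
    name: str
    key_hash: str
    scope: str
    revoked: bool = False
    last_used_at: datetime | None = None

class KeyStore:
    def __init__(self) -> None:
        self._keys: list[StoredKey] = []
    def create(self, name: str, scope: str = "*", env: str = "live") -> str:
        """Return the plaintext key exactly once; only its hash is retained."""
        if scope not in SCOPES:
            raise ValueError(f"unknown scope {scope!r}")
        token = f"cf_{env}_{secrets.token_hex(12)}"   # 24 hex chars after the prefix (assumed)
        self._keys.append(StoredKey(name, digest(token), scope))
        return token
    def _find(self, token: str) -> StoredKey | None:
        h, match = digest(token), None
        for rec in self._keys:                          # constant-time compare, no early exit
            if hmac.compare_digest(rec.key_hash, h):
                match = rec
        return match
    def revoke(self, token: str) -> bool:
        rec = self._find(token)
        if rec is not None:
            rec.revoked = True                          # immediate; later calls are rejected
        return rec is not None
    def authenticate(self, authorization: str, required: str) -> StoredKey | None:
        """Check 'Authorization: Bearer cf_...' and enforce the required scope."""
        scheme, _, token = authorization.partition(" ")
        if scheme != "Bearer" or not token.startswith("cf_"):
            return None
        rec = self._find(token)
        if rec is None or rec.revoked or rec.scope not in ("*", required):
            return None                                 # assumed: no scope implies another
        rec.last_used_at = datetime.now(timezone.utc)   # drives the last_used_at monitoring
        return rec
```

Because only digests are stored, a database leak does not yield usable keys, and a scoped key that is presented for an operation outside its scope is rejected before any data access.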