Skip to main content

What Are API Keys?

API keys are secure tokens that let your AI assistant authenticate with ULPI.io. Think of them like passwords, but for machines instead of humans. Each API key:
  • Belongs to your tenant (organization)
  • Has specific permissions (scopes)
  • Can be revoked at any time
  • Tracks usage for billing

Creating an API Key

1

Open API Keys

Navigate to API Keys in your ULPI dashboard
2

Click Create

Press Create API Key button
3

Configure

Fill in the key details:
  • Name: Descriptive name (e.g., “Production Claude Desktop”)
  • Environment: Test or Live
  • Type: Restricted (recommended) or Unrestricted
  • Scopes: MCP permissions
4

Save Key

Copy the key immediately - it’s only shown once!
Important: Save your API key in a secure location. ULPI never stores the full key after creation.

Understanding Environments

Test Environment

  • For development and testing
  • Free unlimited usage
  • Separate from production data

Live Environment

  • For production use
  • Counts toward your billing
  • Real customer data
Start with Test keys during setup. Switch to Live when you’re ready to go to production.

Understanding Scopes

Scopes control what your API key can do. Available scopes:
ScopeDescriptionRequired For
mcp:searchSearch documentationClaude Desktop, VSCode
mcp:get_docGet full document contentExpanding documents
mcp:list_reposList available repositoriesRepository browsing
repo:readRead repository metadataAdvanced integrations
repo:writeModify repository settingsAdmin operations
For typical MCP usage (Claude Desktop/VSCode), enable:
  • mcp:search
  • mcp:get_doc
  • mcp:list_repos
You usually don’t need repo:write for AI assistants.

Token Types

  • Require explicit scopes
  • More secure
  • Can be limited to specific actions
  • Use this for production

Unrestricted Tokens

  • Access to all features
  • Easier for development
  • Less secure
  • Only use for testing

Managing API Keys

Viewing Keys

In the API Keys dashboard, you’ll see:
  • Key name and prefix (first 8 characters)
  • Environment (test/live)
  • Last used timestamp
  • Creation date
  • Status (active/expired)

Revoking Keys

If a key is compromised or no longer needed:
  1. Go to API Keys
  2. Find the key to revoke
  3. Click Revoke
  4. Confirm deletion
Revoking a key is immediate. Any applications using it will lose access.

Rotating Keys

Best practice: Rotate keys every 90 days
  1. Create a new API key
  2. Update your MCP configuration
  3. Test the new key
  4. Revoke the old key

Key Expiration

API keys can have expiration dates:
1

Set Expiration

When creating a key, set Expires At field
2

Renewal Reminder

ULPI will email you 7 days before expiration
3

Create New Key

Generate a replacement key before expiration
For production keys, set expiration to 90 days for better security.

Security Best Practices

Store API keys in environment variables or secret managers, never in source code.
Always choose “Restricted” type and minimal required scopes.
Create different keys for development, staging, and production.
Update keys every 90 days, even if not compromised.
Check the “Last Used” timestamp regularly for suspicious activity.

Troubleshooting

”Invalid API Token” Error

Possible causes:
  • Key was revoked
  • Key has expired
  • Wrong key copied (check for extra spaces)
  • Using test key in live environment
Solution: Generate a new key and update your configuration.

Key Not Working After Creation

Wait 30 seconds - New keys take a moment to propagate across ULPI’s infrastructure.

Can’t See My Key

API keys are only shown once during creation. If you lost it, you must:
  1. Revoke the old key
  2. Create a new key
  3. Update your configuration

API Key Limits

PlanMax KeysRate Limit
Free3100 requests/day
Pro1010,000 requests/day
EnterpriseUnlimitedCustom

Need More?

Upgrade your plan at app.ulpi.io/billing

Next Steps

You can now use your API key to configure ULPI with your preferred MCP-compatible IDE (Claude Desktop, VSCode, Cursor, Windsurf, Zed, etc.).