API Keys

API keys authenticate requests to the Adlyse MCP servers and to any future Adlyse REST endpoints. They’re scoped to your organization — whatever the key can do, the holder of the key can do against your workspace’s data.

Creating a key#

1. Go to Admin → API Keys in the Adlyse dashboard.
2. Click Create API Key. Give it a descriptive name (e.g. “Claude Code”, “Zapier connector”, “CI pipeline”).
3. Copy the key value — it starts with mii_prod_ — and store it somewhere secure. You only see it once.

Authorization: Bearer mii_prod_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Revoking#

Revoke a key from the same page. Revocation is immediate; any client still using the key gets auth_error: Invalid or inactive API key on its next request.

Rotation#

For long-lived integrations, we recommend rotating keys periodically:

1. Create a new key.
2. Update the consuming client to use the new key.
3. Verify traffic is flowing against the new key (usage stats on the API Keys page).
4. Revoke the old key.

You can have multiple active keys simultaneously, so there’s no downtime.

Scoping#

Today, keys carry full org-level access. Per-resource scoping (e.g. “read-only”, “reports only”) is on the roadmap. Until it ships, issue separate keys per integration so you can revoke any one without affecting others.

OAuth (alternative)#

Some AI clients — notably Claude.ai — can OAuth into Adlyse directly instead of asking the user to paste a bearer token. When available, the OAuth flow produces a token that starts with mf_oauth_ and is scoped to the signing user’s organization. The flow is transparent: both token types work identically at the protocol layer.

Audit trail#

Every API call writes an entry to the key’s activity log. The API Keys page surfaces:

• Last-used timestamp
• Requests this period
• Top endpoints hit

Unexpected activity is a signal to rotate the key.

From MCP#

The MCP servers are the primary consumer of API keys today. See MCP Servers for endpoint URLs and the per-server tool reference.