API Keys

API keys authenticate your requests to the Runstack MCP server at /mcp. Each key belongs to a specific plan tier that controls how many tool executions it allows.

Plan limits

A tool execution is counted each time execute_tool is called through the MCP server. search_tools, check_authentication, and initiate_connection do not count toward the limit.

Creating a key

1. Go to Settings in the Runstack sidebar
2. Enter a name for the key (used only for your reference — e.g. Claude Desktop)
3. Select the plan tier
4. Click Create Key
5. Copy the key now — the full value is shown only once

Keys are prefixed with rsk_ followed by 64 hex characters.

Key security

• Keys are stored as SHA-256 hashes in the database — not in plain text
• Only the first 12 characters (keyPrefix) are stored for display
• If a key is compromised, delete it immediately from Settings and create a new one
• Never commit keys to source control

Usage tracking

Each key tracks:

• Usage count — total calls to execute_tool
• Usage limit — cap based on plan (null = unlimited)
• Last used — timestamp of most recent execution

The Settings page shows a usage bar for each key. When usage reaches 80% of the limit the bar turns yellow; at 100% it turns red and the key is blocked until you upgrade or delete and recreate it.

Deleting a key

Click the trash icon next to any key in Settings. Deletion is immediate and permanent — any client using that key will receive a 401 Unauthorized response on its next request.

Multiple keys

You can create as many keys as you need. Common patterns:

• One key per MCP client (Claude Desktop, Cursor, custom scripts)
• One key per environment (development, production)
• Separate keys for different team members