API keys
Create organization-level keys for REST and MCP access.
API keys are organization-level credentials for non-interactive automation. Most people should connect MCP through the browser-based AuthKit OAuth flow first, then use API keys for CI, CLIs, and service accounts.
Keys can access every project in an organization unless project rules say otherwise.
Scopes
| Scope | Allows |
|---|---|
shiplets:read | List shiplets visible to the key |
shiplets:write | Publish shiplets |
feedback:read | Read review feedback |
feedback:write | Create replies and update feedback |
feedback:manage | Reserved for broader review administration |
mcp | Use the /api/mcp endpoint |
Project rules
Project rules refine a key after scope checks.
projectAccessMode: "all"allows every project unless a deny rule matches.projectAccessMode: "selected"allows only projects with an allow rule.- Deny rules win over allow rules.
REST example
curl https://shiplet.cc/api/shiplets \
-H "Authorization: Bearer $SHIPLET_API_KEY"Publish example
curl https://shiplet.cc/api/shiplets \
-H "Authorization: Bearer $SHIPLET_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Internal launch board",
"subdomain": "internal-launch-board",
"assets": [
{
"path": "index.html",
"content": "PCFkb2N0eXBlIGh0bWw+PGgxPkhlbGxvPC9oMT4="
}
]
}'