Skip to main content

JWT Authentication

All API requests require a JWT token:
Tokens are obtained via the login flow (Firebase phone OTP or Google OAuth).

API Key Authentication (MCP)

For programmatic access via the MCP server, use an API key:

Creating an API Key

  1. Go to API Keys in the app
  2. Click Create API Key
  3. Copy and securely store your key

Key Management

Rate Limiting

  • MCP server: 60 requests per minute per API key
  • Backend APIs: Standard rate limiting applies

Internal Service Auth

Services communicate using X-Internal-Secret header for service-to-service calls.