--- title: Authentication lastUpdated: '2026-06-03' nextjs: metadata: title: "Authentication - API Keys & Auth for Hive Intelligence" description: "Create and manage API keys for Hive Intelligence. Authenticate with an Authorization: Bearer header (or x-api-key) across MCP, REST API, and CLI." alternates: canonical: https://www.hiveintelligence.xyz/authentication keywords: "hive api key, crypto api authentication, mcp server auth, blockchain api key" --- Every request to Hive requires an API key. One key works across remote MCP clients, REST requests, the local stdio wrapper, the CLI, and the TypeScript adapter. {% ai-doc-actions path="/authentication" title="Authentication" /%} --- ## Create an API key 1. Go to [/dashboard/keys](/dashboard/keys) 2. Enter your email address 3. Open the sign-in link sent to your inbox 4. Store the key shown on the dashboard in your secret manager or environment --- ## Using Your Key ### Remote MCP clients Most documented clients connect directly to Hive's managed remote MCP endpoint: | Item | Value | | --- | --- | | Remote MCP URL | `https://mcp.hiveintelligence.xyz/mcp` | | Transport | Streamable HTTP | | Recommended auth | `Authorization: Bearer YOUR_HIVE_API_KEY` | Many clients use a JSON shape like this: ```json { "mcpServers": { "hive": { "url": "https://mcp.hiveintelligence.xyz/mcp", "headers": { "Authorization": "Bearer YOUR_HIVE_API_KEY" } } } } ``` Client field names vary. VS Code uses a top-level `servers` object, Gemini CLI uses `httpUrl`, Windsurf uses `serverUrl`, Claude Desktop uses the Custom Connectors UI, and OpenAI Responses API passes the key through `tools[].authorization`. Use [Install Hive](/install) or [Client Setup](/setup) for the exact client-specific config. After saving the config, restart the client or reload its MCP server list, then ask for a live price query and confirm the answer shows a Hive tool call. ### REST API Pass the key as a request header. `Authorization: Bearer` is the recommended form; `x-api-key` is accepted as a legacy alias. **Authorization: Bearer (recommended):** ```bash curl -X POST https://mcp.hiveintelligence.xyz/api/v1/execute \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_HIVE_API_KEY" \ -d '{"tool": "get_price", "args": {"ids": "bitcoin", "vs_currencies": "usd"}}' ``` **x-api-key (also supported):** ```bash curl -X POST https://mcp.hiveintelligence.xyz/api/v1/execute \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_HIVE_API_KEY" \ -d '{"tool": "get_price", "args": {"ids": "bitcoin", "vs_currencies": "usd"}}' ``` Both authenticate identically. Prefer Bearer — it's the standard HTTP auth scheme and works out of the box with most clients, proxies, and SDKs. ### Local stdio wrapper Use local stdio only when your MCP client cannot call the remote HTTP endpoint directly or your network requires a local subprocess. Pass the key as an environment variable in your MCP client config: ```json { "mcpServers": { "hive-intelligence": { "command": "npx", "args": ["-y", "-p", "hive-intelligence@latest", "hive"], "env": { "HIVE_API_KEY": "YOUR_HIVE_API_KEY" } } } } ``` The MCP server reads `HIVE_API_KEY` at startup and sends it as a Bearer token on Hive requests. ### TypeScript MCP client adapter If you install the `hive-mcp-client` adapter (`npm install hive-mcp-client`), pass the key at client initialization: ```ts import { createHiveMcpClient } from 'hive-mcp-client'; const client = await createHiveMcpClient({ apiKey: process.env.HIVE_API_KEY, clientName: 'my-app', }); ``` Store keys in environment variables. Never hardcode them in source files. ### B2B subject signing B2B partner backends keep one Hive API key server-side and add signed subject headers for each downstream customer request. Store the subject signing secret separately from the API key, for example as `HIVE_SUBJECT_SIGNING_SECRET`, and derive `tenantId` plus `endUserId` from trusted server auth state. Do not accept tenant or end-user ids from a model prompt or browser body without validating them against your own session. The partner guide covers the full header contract and readiness check: [B2B Partner Adapter](/b2b-adapter). --- ## Key Management From [/dashboard/keys](/dashboard/keys) you can: - **Create multiple keys** - one per project or environment (development, staging, production) - **Revoke a key** - disables the key so new authenticated requests are rejected after auth-backend propagation - **Track usage** - see request counts and last-used timestamps per key Treat a revoked key as retired immediately in your own systems. New requests using a disabled key are rejected after the authentication backend observes the update; already in-flight requests may complete. --- ## Rate Limits Each API key has its own rate limit quota based on your plan. See [Rate Limits](/rate-limits) for plan quotas, retry headers, upstream provider-error behavior, and caching guidance. --- ## Related - [Quick Start](/quick-start) - make your first authenticated REST, MCP, or CLI call - [Install Hive](/install) - exact remote MCP config for supported AI clients - [Client Setup](/setup) - tabbed setup guide for remote MCP, CLI, and REST - [API Integration](/api-integration) - execute tools with the recommended Bearer header - [B2B Partner Adapter](/b2b-adapter) - isolate downstream customer state with signed subject headers - [MCP Security](/mcp-security) - keep API keys and subject secrets out of prompts and browser code