API Keys
API keys are the credentials used to authenticate, authorize, and track usage across all SearchMCP interfaces — both the REST API and the MCP server. They also enforce credit consumption and QPS throttling.
Each key is generated in the format:
smcp_<keyId>_<secret>For example:smcp_M7A1Ga1b-dVefQ_-PqLICLGYHWwMm5YaTfvluP4azS6QvV-
- The keyId is a short identifier for UI display.
- The secret is a cryptographic random string (~24 chars).
- Together they form a secure, unique credential.
API keys are tied to your team account. Every request you make consumes credits from the team balance. This ensures clear tracking of usage across all team members and integrations.
- Each team can have up to 10 active API keys.
- Keys can be revealed once created — they are stored encrypted in the database.
- Keys can be deactivated. Deactivation is permanent and cannot be undone, so proceed carefully.
You can create, reveal, and deactivate keys directly in your dashboard:
- Keep your API keys secret — never share them publicly.
- Use different keys for different environments (e.g., production vs. staging).
- Rotate or deactivate keys regularly to maintain security hygiene.
- Monitor your team’s credits and QPS limits in the dashboard to avoid interruptions.
API keys are the foundation of your integration with SearchMCP. Treat them like passwords, and manage them carefully.