Skip to content
Skip to Content
API Keys

API Keys

API keys are the credentials used to authenticate, authorize, and track usage across all SearchMCP interfaces — both the REST API and the MCP server. They also enforce credit consumption and QPS throttling.

Format & security

Each key is generated in the format:

smcp_<keyId>_<secret>

For example:

smcp_M7A1Ga1b-dVefQ_-PqLICLGYHWwMm5YaTfvluP4azS6QvV-
  • keyId — short identifier shown in the UI.
  • secret — cryptographic random string (~24 chars).
  • Together they form a secure, unique credential.

Team-scoped keys

API keys are tied to your team account. Every request you make consumes credits from the team balance. This ensures clear tracking of usage across all team members and integrations.

Limits

  • Each team can have up to 10 active API keys.
  • Keys can be revealed once created — they are stored encrypted in the database.
  • Keys can be deactivated. Deactivation is permanent and cannot be undone, so proceed carefully.

Managing keys

You can create, reveal, and deactivate keys directly in your dashboard:

→ Manage API Keys in Dashboard

Best practices

  • Keep your API keys secret — never share them publicly.
  • Use different keys for different environments (e.g., production vs. staging).
  • Rotate or deactivate keys regularly to maintain security hygiene.
  • Monitor your team’s credits and QPS limits in the dashboard to avoid interruptions.

API keys are the foundation of your integration with SearchMCP. Treat them like passwords, and manage them carefully.

Last updated on
Getting Started🔎 Search Overview