API keys
Create, use, and revoke API keys for scripts, CI, and agents.
Creating a key
Settings → API keys → Create key (a name is optional but kind to your future self).
The key — it starts with crw_ — is shown once, at creation. We store only a hash, so
copy it somewhere safe immediately; if you lose it, revoke it and create a new one.
Using a key
Send it as a bearer token against the API:
curl https://crawlie.app/v1/reports \
-H "Authorization: Bearer crw_..." \
-H "x-crawlie-team: <workspace-id>"
The same key also authenticates MCP clients that don’t do OAuth. Full surface in the REST API overview.
Scope
Keys are tied to your account — a request with your key can do what you can do, in any
workspace you belong to (the x-crawlie-team header picks which one). There are no
narrower per-key scopes yet, so treat a key like your sign-in.
Housekeeping
The keys list shows each key’s prefix, creation date, and last used time — an easy way to spot dead keys. Revoke kills a key immediately; requests with it start failing on the spot. Keys don’t expire on their own.
If a key may have leaked (committed to a repo, pasted in a log), revoke it first and ask questions later — creating a replacement takes seconds.
Still stuck? Email us — a human replies, usually within a day.