Access Keys

Create and manage API, MCP, Widget, and Webhook access keys for integrations. Keys have scopes, expiration, and can be revoked at any time.

What Are Access Keys?

Access keys are credentials that allow external services and applications to authenticate with Clear Ideas and access specific features. Each key has:

• Key Type: Defines the purpose (API, MCP, Widget, or Webhook)
• Scopes: Specific permissions that control what the key can access
• Expiration: Optional date when the key automatically expires
• Status: Active, Expired, or Revoked

Key Types

Clear Ideas supports several types of access keys:

API Keys: For programmatic access to Clear Ideas APIs. Used by external applications and integrations.

MCP Keys: For Model Context Protocol integrations. Enable AI assistants and tools to access your Clear Ideas content.

Widget Keys (Public AI Chat): For embedding Public AI Chat widgets on websites. Control which sites can be accessed by the chat widget.

Webhook Keys: For webhook integrations that receive notifications about events in Clear Ideas.

Creating a Key

From Settings > Access Keys:

1. Click New Access Key
2. Choose a Name: Enter a descriptive name to identify the key's purpose (e.g., "Production API Integration" or "Development MCP Key")
3. Select Key Type: Choose API, MCP, Widget, or Webhook based on your integration needs
4. Select Scopes: Choose the specific permissions (scopes) the key needs. Each scope enables different capabilities:
   • API Scopes: Control access to specific API endpoints and operations
   • MCP Scopes: Define which sites and features MCP tools can access
   • Widget Scopes: Control Public AI Chat capabilities (text chat, voice chat, etc.)
   • Webhook Scopes: Define which events trigger webhook notifications
5. Set Expiration (Optional): Choose an expiration date if you want the key to automatically expire
6. Create Key: Click to create the key

Important: After creation, copy the key immediately—this is the only time it is shown in full. The key value cannot be retrieved later.

Managing Keys

The Access Keys page displays all your keys with the following information:

Key Information

Status:

• Active: Key is valid and can be used
• Expired: Key has passed its expiration date and is no longer valid
• Revoked: Key has been manually disabled and cannot be used

Activity:

• Created: Date and time the key was created
• Last Used: Most recent time the key was used (if applicable)
• Expires: Expiration date (if set)

Scopes: List of permissions granted to the key

Key Actions

Revoke Key:

• Immediately disable access for a compromised or unused key
• Revocation is permanent and cannot be undone
• You'll need to create a new key if access is needed again
• A confirmation dialog appears before revoking to prevent accidental actions

View Details: Click on a key to see full details including all scopes and activity information

Security Best Practices

Store Securely: Treat access keys like passwords. Store them in secure password managers or secret management systems.

Rotate Regularly: Create new keys periodically and revoke old ones to limit exposure if a key is compromised.

Minimal Scopes: Only grant the minimum scopes needed for each integration. Don't use overly permissive keys.

Use Expiration: Set expiration dates for keys, especially for temporary integrations or testing.

Monitor Usage: Regularly review the "Last Used" date to identify unused keys that should be revoked.

Separate Environments: Use different keys for development, staging, and production environments.

Revoke Immediately: If you suspect a key is compromised, revoke it immediately and create a new one.

Key Scopes

Scopes define what actions a key can perform. Common scope categories include:

• Content Access: Read, write, or manage content in specific sites
• User Management: Add or remove users (for API keys)
• AI Features: Access AI chat, workflows, or other AI capabilities
• Public Chat: Enable text or voice chat features (for Widget keys)
• Webhooks: Receive notifications for specific events

Each key type has its own set of available scopes. Select only the scopes needed for your specific use case.

Related Documentation

• Model Context Protocol - Using MCP keys for AI integrations
• Public AI Chat - Using Widget keys for chat widgets
• Access Keys - Site Level - Site-specific access key management