Account
API Keys
Create, manage, and revoke API keys for Flowpatrol.
Overview
API keys authenticate requests to the Flowpatrol API. They're required for MCP editor integration and optional for programmatic access. Dashboard users don't need an API key — sign-in handles authentication automatically.
Creating a key
- Go to Settings → API Keys in the dashboard
- Click Create API Key
- Enter a descriptive name (e.g., "Cursor - main project")
- Copy the full key immediately
The full key is only shown once. If you lose it, revoke the old key and create a new one.
Key format
All API keys follow this format:
fp_live_a1b2c3d4e5f6...fp_live_— fixed prefix identifying it as a Flowpatrol production key- Followed by 32 random hex characters
Security
- Keys are hashed with SHA-256 before storage. We never store the raw key.
- Each request is authenticated by hashing the provided key and matching against stored hashes.
- Keys can be revoked instantly from the dashboard.
- Revoked keys are rejected immediately on the next request.
Limits
| Plan | Max keys |
|---|---|
| Free | 2 |
| Pro | 10 |
| Enterprise | Unlimited |
Revoking a key
- Go to Settings → API Keys
- Find the key you want to revoke
- Click Revoke
- The key stops working immediately
Revoking a key is permanent. You'll need to create a new key and update your MCP config.
Best practices
- One key per project — makes it easy to track usage and revoke without affecting other projects
- Add to
.gitignore— never commit your MCP config file to version control - Rotate regularly — create a new key and revoke the old one every few months
- Use descriptive names — "Cursor - acme-app" is better than "key-1"