Getting started

Authentication

One key, every surface. The same ck_live_… authenticates REST, SDK, CLI, MCP, and Skills.

Where keys come from

Create and revoke keys at Account → Apps & API (visible once your account is enabled for the beta). The full key (ck_live_…) is shown once — copy it right away. If you lose it, revoke it and generate another.

Send the key on every request, either as a Bearer token or in the X-API-Key header — both work:

http
Authorization: Bearer ck_live_xxxxxxxxxxxxxxxxxxxxxxxx
# ou
X-API-Key: ck_live_xxxxxxxxxxxxxxxxxxxxxxxx

Across the other surfaces

SDK, CLI, MCP, and Skills all read the same key from the CARANGUEJO_API_KEY environment variable (the CLI can also store it via caranguejo auth login):

bash
export CARANGUEJO_API_KEY=ck_live_xxxxxxxxxxxxxxxxxxxxxxxx

Keep your keys safe

A missing, invalid, or revoked key returns 401. An account without beta access or an active plan returns 403. See Errors & limits.