Was this page helpful?
API & Keys
Create, rotate, and secure your Zephex API keys. One key gives access to all 10 tools through the proxy.
Create from the dashboard, store as an env var, use anywhere, rotate on a schedule, revoke if leaked.
Every Zephex key follows a structured format that encodes the environment and purpose:
mcp_prod_api-01.a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6| Segment | Example | Purpose |
|---|---|---|
mcp_ | mcp_ | Fixed prefix — identifies this as a Zephex MCP key |
environment | prod | One of: dev, staging, prod, test |
name | api-01 | Human-readable label you choose |
secret | a1b2c3d4... | Cryptographically random, never stored in plain text |
Create keys from the dashboard or via the CLI. Each key inherits the rate limits of your plan.
npx zephex keys create --name production-api --env prodcurl -X POST https://zephex.dev/api/keys \ -H "Authorization: Bearer YOUR_SESSION_TOKEN" \ -H "Content-Type: application/json" \ -d '{"name": "production-api", "environment": "prod"}'Never share a single key across dev, staging, and production. If one leaks, you can revoke it without disrupting other environments.
# .env.local (development)ZEPHEX_API_KEY="mcp_dev_local-01.your-dev-secret" # .env.stagingZEPHEX_API_KEY="mcp_staging_web-01.your-staging-secret" # .env.productionZEPHEX_API_KEY="mcp_prod_api-01.your-prod-secret"Rotate keys regularly (recommended: every 90 days). The old key stays active for 24 hours after rotation to allow graceful migration.
Revocation is immediate. The key stops working the moment you revoke it. Use this if a key is compromised.
npx zephex keys revoke mcp_prod_api-01| Plan | Requests/month | Burst (per minute) | Concurrent |
|---|---|---|---|
| Free | 300 | 10 | 2 |
| Pro ($7/mo) | 3,500 | 30 | 5 |
| Max ($19/mo) | 10,000 | 60 | 10 |
When you exceed your monthly limit, requests return 429 Too Many Requests with a Retry-After header. Upgrade from the billing page.