API Keys

Reactor uses API keys to authenticate requests to the MCP server. Each key is scoped to a workspace.

Generating an API key

Go to Settings > API Keys
Click Generate New Key
Give the key a name (e.g., "Claude Desktop", "n8n automation")
Click Create
Copy the key immediately -- it is only shown once

How the key is stored

Reactor stores only a SHA-256 hash of the key, never the plaintext. If you lose a key, generate a new one and delete the old entry.

Using the key

Pass the API key as a Bearer token in the Authorization header when connecting to the MCP endpoint:

Authorization: Bearer eng_your_key_here

The key is passed through mcp-remote when connecting a client:

{
  "mcpServers": {
    "reactor": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://app.reactor.tools/api/mcp",
        "--header",
        "Authorization: Bearer YOUR_API_KEY"
      ]
    }
  }
}

See Authentication for full setup instructions.

Revoking a key

Click Delete next to any key on the API Keys page to revoke it immediately. Any MCP client using that key will receive a 401 error until it is reconfigured with a new key.

Key naming

Use descriptive names so you can track which keys are used by which integrations. If a key is compromised, you can identify and revoke it without disrupting other integrations.

Generating an API key​

How the key is stored​

Using the key​

Revoking a key​

Key naming​

Generating an API key

How the key is stored

Using the key

Revoking a key

Key naming