Create, scope, and rotate keys for the API, CLI, and MCP.
01
Create
- -Settings → API Keys, then "New API Key".
- -Copy immediately — the key is shown once.
- -Use a separate key per environment (laptop, CI, production).
02
Use
- -
Authorization: Bearer op_...for HTTP. - -
OPERALTA_API_KEYfor the CLI and MCP server.
03
Scopes
- -Prefer explicit scopes:
context:read,metrics.actuals:read,contacts:write,artifacts:write,rooms:read,integrations:write,reports.send:manage. - -Legacy
read/write/adminstill work but are coarser. - -A key is always capped by your real role; use bundles per integration.
- -All key usage is logged in the company audit trail.