API Keys
Create and manage org-scoped API keys for scanner authentication.
Overview
API keys authenticate the scanner, CLI tools, and the MCP server against Arcanon Hub. Each key is scoped to one org and has configurable permissions.
Creating a key
- Go to Settings > API Keys
- Click Create API key
- Enter a name (e.g., "CI Pipeline", "Local dev")
- Copy the key immediately — it's shown only once
Keys start with arc_ and are 43 characters long. Store them securely.
Using a key
Scanner CLI
export ARCANON_API_KEY=arc_your_key_here
npx arcanon-scan
MCP Server
{
  "mcpServers": {
    "arcanon": {
      "command": "npx",
      "args": ["arcanon-mcp"],
      "env": {
        "ARCANON_API_KEY": "arc_your_key_here"
      }
    }
  }
}
REST API
curl -H "Authorization: Bearer arc_your_key_here" \
  https://api.arcanon.dev/api/v1/orgs/{orgId}/repos
Rotating a key
Click Rotate on an existing key. A new key is issued and the old one enters a 24-hour grace period — both work during this window. After 24 hours, the old key stops working.
Revoking a key
Click Delete on a key. It stops working immediately. Active scanner sessions using that key will fail on their next upload.
Security
- Keys are stored as SHA-256 hashes — Hub never stores the plaintext
- Each key is scoped to one org via RLS — it cannot access other orgs' data
- Rate limits apply per key: 200 reads/min, 50 writes/min
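The following is an added example, not Arcanon Hub's own code: a small in-memory model of the lifecycle described above, showing how a service can keep only SHA-256 hashes of keys while still supporting a 24-hour rotation grace period and immediate revocation. The `KeyStore` class, its method names, and the key alphabet (39 URL-safe base64 characters after `arc_`) are assumptions made for illustration.

```javascript
// Added example: a model of hash-only key storage with a rotation grace window.
const { createHash, randomBytes } = require("node:crypto");

const GRACE_MS = 24 * 60 * 60 * 1000; // 24-hour grace period stated on this page

// Assumption: 29 random bytes encode to 39 base64url characters, 43 with "arc_".
const newKey = () => "arc_" + randomBytes(29).toString("base64url");
const sha256 = (key) => createHash("sha256").update(key).digest("hex");

class KeyStore { // hypothetical class, not the Hub API
  constructor() {
    this.records = new Map(); // sha256(key) -> { orgId, name, expiresAt }
  }
  create(orgId, name) {
    const key = newKey();
    this.records.set(sha256(key), { orgId, name, expiresAt: null });
    return key; // plaintext is returned once and never stored
  }
  rotate(oldKey, now) {
    const rec = this.records.get(sha256(oldKey));
    if (!rec || rec.expiresAt !== null) throw new Error("unknown or already rotated key");
    rec.expiresAt = now + GRACE_MS; // old key keeps working until this instant
    return this.create(rec.orgId, rec.name);
  }
  revoke(key) {
    return this.records.delete(sha256(key)); // takes effect immediately
  }
  // Returns the org the key is scoped to, or null when it must be rejected.
  verify(presented, now) {
    // Reject malformed input before hashing (assumed alphabet, see above).
    if (typeof presented !== "string" || !/^arc_[A-Za-z0-9_-]{39}$/.test(presented)) return null;
    const digest = sha256(presented);
    const rec = this.records.get(digest);
    if (!rec) return null;
    if (rec.expiresAt !== null && now >= rec.expiresAt) {
      this.records.delete(digest); // grace period is over, drop the old hash
      return null;
    }
    return rec.orgId;
  }
}
```

Because only the digest is stored, a lost key cannot be recovered from the store; the only remedy is to rotate or create a new one.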