API Keys

Your CodeLoop API key authenticates the MCP server with our backend. This page covers everything about managing your keys.

Generating a Key

Via the Dashboard

1. Log in at codeloop.tech/dashboard/keys
2. Click Create New Key
3. Give it a name (e.g., “Work Laptop”)
4. Copy the key immediately — it's shown only once

Via the CLI

# If you already have an account
npx codeloop login
# Then generate a key
npx codeloop keys create --name "Work Laptop"

# If you're new, signup creates your first key automatically
npx codeloop signup

Setting the Environment Variable

The MCP server reads your key from the CODELOOP_API_KEY environment variable.

macOS (zsh)

# Add to ~/.zshrc
echo 'export CODELOOP_API_KEY="cl_live_your_key_here"' >> ~/.zshrc
source ~/.zshrc

Linux (bash)

# Add to ~/.bashrc
echo 'export CODELOOP_API_KEY="cl_live_your_key_here"' >> ~/.bashrc
source ~/.bashrc

Windows (PowerShell)

# Set as user environment variable (persists across sessions)
[System.Environment]::SetEnvironmentVariable("CODELOOP_API_KEY", "cl_live_your_key_here", "User")

# Or set for current session only
$env:CODELOOP_API_KEY = "cl_live_your_key_here"

Adding to MCP Config

When you run npx codeloop init, the API key is automatically added to your MCP config. If you need to add it manually:

Cursor (.cursor/mcp.json)

{
  "mcpServers": {
    "codeloop": {
      "command": "npx",
      "args": ["-y", "@codeloop/mcp-server"],
      "env": {
        "CODELOOP_API_KEY": "cl_live_your_key_here"
      }
    }
  }
}

Claude Code (.claude/settings.local.json)

{
  "mcpServers": {
    "codeloop": {
      "command": "npx",
      "args": ["-y", "@codeloop/mcp-server"],
      "env": {
        "CODELOOP_API_KEY": "cl_live_your_key_here"
      }
    }
  }
}

Rotating a Key

If your key is compromised or you want to rotate it as a security practice:

1. Go to Dashboard → API Keys
2. Click the rotate icon next to the key you want to rotate
3. A new key is generated and the old one is immediately revoked
4. Update your CODELOOP_API_KEY environment variable with the new key

Revoking a Key

To revoke a key without creating a replacement, click the delete icon in the dashboard. The key will stop working immediately.

Security Best Practices

• Never commit keys to version control. Add .env to your .gitignore.
• Use environment variables instead of hardcoding keys in config files.
• Use separate keys for different machines or environments.
• Rotate keys regularly — the dashboard makes this a one-click operation.
• Revoke unused keys — if a machine is decommissioned, revoke its key.

Key Format

CodeLoop API keys use the format cl_live_ followed by a random string. Example: cl_live_abc123def456...

The cl_live_ prefix makes it easy to identify CodeLoop keys in your environment and helps secret scanners detect accidentally committed keys.

Next Steps

• Cursor Setup — complete Cursor configuration
• Claude Code Setup — complete Claude Code configuration
• Dashboard — manage your keys