API keys

API keys identify your account to MCP clients, scripts, and REST integrations. They're powerful: anyone with a key can act as you within the permissions Parallect grants. Treat them like passwords.

When you need API keys

Create a key when you:

• Set up Cursor, Claude Desktop, or another MCP client with Parallect.
• Call the REST API from your own code or automation.
• Use OpenClaw or similar tools that need a static credential.

You don't need a key for day-to-day use inside the Parallect web app -- only for external connections.

Creating a key

1. Open Integrations (or your account's API keys surface, if labeled separately).
2. Choose Create API key.
3. Optionally set a name -- helps you remember where you used it ("Cursor laptop", "prod cron", etc.).
4. Confirm creation.

Named keys are easier to revoke selectively later without guessing which client broke.

One-time reveal (save immediately)

Right after creation, Parallect shows the full key once. Copy it to a password manager, secret manager, or your local env file -- immediately.

Once you leave this page, there's no way to see the full key again.

Revoking keys

Revoke when:

• A laptop was lost or a repo was leaked.
• You're rotating credentials on a schedule.
• A teammate with access left the group.
• You're unsure which client still holds an old key.

After revocation, requests using that key fail immediately -- update any integration that still relied on it.

Where keys are used

Use different keys per device when possible so you can revoke one client without touching others.

---

You're at the end of the user-facing integrations guides. For deeper protocol docs, see MCP integration and REST API authentication.