API Authentication

Rampify uses API keys to authenticate requests to the MCP server and REST API.

API Keys

API keys are required for all authenticated requests. They provide secure, scoped access to your Rampify account without exposing your password.

Key Format

Rampify API keys follow this format:

sk_live_abc123def456ghi789...
  • sk - Secret key prefix
  • live - Environment (live or test)
  • Remaining characters - Unique identifier

Generating API Keys

  1. Log in to your Rampify dashboard
  2. Navigate to Settings → API Keys
  3. Click "Generate New Key"
  4. Provide a descriptive name (e.g., "MacBook Pro", "CI/CD Pipeline")
  5. Copy the key immediately (it won't be shown again)
  6. Store it securely

Best Practices

Do:

  • ✓ Generate separate keys for different environments
  • ✓ Use descriptive names to track where keys are used
  • ✓ Rotate keys regularly (every 90 days)
  • ✓ Revoke keys immediately if compromised
  • ✓ Store keys in environment variables, not code

Don't:

  • ✗ Commit keys to version control
  • ✗ Share keys between team members
  • ✗ Use the same key for development and production
  • ✗ Expose keys in client-side code

Using API Keys

MCP Server

Set the RAMPIFY_API_KEY environment variable:

export RAMPIFY_API_KEY=sk_live_abc123...

Or in your MCP configuration:

{
  "mcpServers": {
    "rampify": {
      "env": {
        "RAMPIFY_API_KEY": "sk_live_abc123..."
      }
    }
  }
}

REST API

Include the API key in the Authorization header:

curl https://api.rampify.ai/v1/sites \
  -H "Authorization: Bearer sk_live_abc123..."

Example Request

const response = await fetch('https://api.rampify.ai/v1/sites', {
  headers: {
    'Authorization': `Bearer ${process.env.RAMPIFY_API_KEY}`,
    'Content-Type': 'application/json'
  }
});

API Key Permissions

API keys support scoped permissions to limit what they can access:

Available Scopes

  • mcp:read - Read SEO data via MCP tools
  • mcp:write - Trigger scans and updates via MCP
  • api:read - Read data via REST API
  • api:write - Create/update data via REST API
  • admin - Full access to all resources

Setting Scopes

When generating a key, select the appropriate scopes:

{
  "name": "CI/CD Pipeline",
  "scopes": ["mcp:read", "api:read"]
}

This key can read data but cannot trigger scans or make changes.

Key Management

Viewing Active Keys

See all your active API keys in Settings → API Keys:

  • Key prefix (first 15 characters)
  • Name and description
  • Last used timestamp
  • Creation date
  • Scopes

Revoking Keys

Click "Revoke" next to any key to immediately invalidate it. This cannot be undone.

Key Rotation

To rotate a key:

  1. Generate a new key with the same scopes
  2. Update your applications to use the new key
  3. Verify the new key works
  4. Revoke the old key

Rate Limits

API keys are subject to rate limits based on your plan tier:

TierRequests/HourScans/Day
Free1001
Starter1,00010
Pro10,000Unlimited

Rate limit headers are included in all responses:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 943
X-RateLimit-Reset: 1634567890

Security

Encrypted Storage

API keys are hashed using bcrypt before storage. We never store plaintext keys.

Audit Logs

All API requests are logged with:

  • Timestamp
  • IP address
  • Endpoint accessed
  • Response status

View your audit log in Settings → Security → Audit Log.

Troubleshooting

"Invalid API key" error

Causes:

  • Key was revoked
  • Key was copied incorrectly
  • Key expired

Solution: Generate a new key

"Insufficient permissions" error

Cause: The API key doesn't have the required scopes

Solution: Generate a new key with appropriate scopes

Rate limit exceeded

Cause: Too many requests in the current window

Solution: Wait until the rate limit resets (see X-RateLimit-Reset header) or upgrade your plan

Next Steps