Key Management
ShingleAI uses two types of keys for programmatic access:| Key Type | Purpose | Used By |
|---|---|---|
| API Keys | REST API access | Backend services, scripts, integrations |
| MCP Keys | Model Context Protocol access | AI agents (Claude, Cursor, etc.) |
Security Best Practices
- Principle of least privilege: Grant only the permissions each key needs
- Separate keys per integration: Create dedicated keys for each service or agent
- Regular audits: Review and revoke unused keys monthly
- Secure storage: Never commit keys to version control; use environment variables