API Keys
API keys authenticate your IDE with the Golden Path cloud MCP server. Each key is scoped to your account — the MCP server uses it to determine which architectures and skills you have access to.
Creating an API key
Navigate to Settings > API Keys in Golden Path Studio and click Create API Key. Give it a descriptive name (e.g., "Work laptop" or "CI/CD") and click Generate.
The key is shown once — copy it immediately. It cannot be retrieved later. If you lose a key, revoke it and create a new one.
Key format
gp_a1b2c3d4e5f6...
API keys start with the gp_ prefix. The key is hashed (SHA-256) before storage — Golden Path never stores your raw key.
Using your API key
Place the key in your MCP configuration file. See MCP Setup for IDE-specific file paths.
The API key goes in the Authorization header as a Bearer token. When your IDE connects to the MCP server, it sends this header with every request.
The server resolves the key to your account and returns only the architectures and skills you have access to — your own, plus any shared with you via teams.
mcp.json
{
"servers": {
"golden-path": {
"type": "http",
"url": "https://mcp.golden-path.ai/mcp",
"headers": {
"Authorization": "Bearer gp_your_key_here"
}
}
}
}
Managing keys
In Settings > API Keys you can:
- View all your active keys with their names and last-used timestamps
- Revoke keys that are no longer needed or may have been compromised
- Set expiration dates for keys that should only be valid temporarily
Revoking a key takes effect immediately — any IDE using that key will lose access on the next request.
Key scoping
Each API key inherits your full account permissions:
- Your own private architectures and skills
- Architectures shared with you via teams
- Public architectures (read-only, via marketplace)
There is no way to create a key with reduced permissions. If you need to limit access, use separate accounts.