All requests to the Supersonic MCP server require a valid API key. Keys are scoped to a single workspace and inherit the permissions of the user who created them.
API Keys
Pass your key in the Authorization header:
Authorization: Bearer supersonic_live_abc123...
Creating Keys
- Go to app.supersonic.cv
- Navigate to Settings > Developers > API Keys
- Click Create Key
- Choose a name and select scopes
- Copy the key — it’s only shown once
API keys are per-workspace. If you have access to multiple workspaces, create separate keys for each.
Scopes
Restrict what a key can access by selecting tool categories:
| Scope | Tools |
|---|
objects | objects.* |
records | records.* |
lists | lists.* |
views | views.* |
notes | notes.* |
tasks | tasks.* |
analytics | analytics.* |
reports | reports.* |
timeline | timeline.* |
graph | graph.*, contacts.classify |
integrations | integrations.* |
email | email.* |
messages | messages.* |
meetings | meetings.* |
billing | billing.* |
support | support.* |
Role-Based Access
API keys inherit the role of their creator:
| Role | Access |
|---|
| Owner | Full access to all tools and workspace settings |
| Admin | Full access to all tools, cannot modify workspace settings |
| Member | Read access to all data, write access scoped to assigned records |
Create a dedicated “API” user with the appropriate role rather than using your personal account for production integrations.
Example
import httpx
client = httpx.Client(
base_url="https://mcp.supersonic.cv",
headers={"Authorization": "Bearer supersonic_live_abc123..."}
)
response = client.post("/", json={
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "records.list",
"arguments": {"object_type_slug": "companies"}
},
"id": 1
})