> ## Documentation Index
> Fetch the complete documentation index at: https://docs.supersonic.cv/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> API keys, scopes, and role-based access for the Supersonic MCP API.

All requests to the Supersonic MCP server require a valid API key. Keys are scoped to a single workspace and inherit the permissions of the user who created them.

## API Keys

Pass your key in the `Authorization` header:

```
Authorization: Bearer supersonic_live_abc123...
```

### Creating Keys

1. Go to [supersonic.cv/keys](https://supersonic.cv/keys)
2. Navigate to **Settings** > **Developers** > **API Keys**
3. Click **Create Key**
4. Choose a name and select scopes
5. Copy the key — it's only shown once

<Note>
  API keys are per-workspace. If you have access to multiple workspaces, create separate keys for each.
</Note>

## Scopes

Restrict what a key can access by selecting tool categories:

| Scope          | Tools                       |
| -------------- | --------------------------- |
| `objects`      | objects.\*                  |
| `records`      | records.\*                  |
| `lists`        | lists.\*                    |
| `views`        | views.\*                    |
| `notes`        | notes.\*                    |
| `tasks`        | tasks.\*                    |
| `analytics`    | analytics.\*                |
| `reports`      | reports.\*                  |
| `timeline`     | timeline.\*                 |
| `graph`        | graph.\*, contacts.classify |
| `integrations` | integrations.\*             |
| `email`        | email.\*                    |
| `messages`     | messages.\*                 |
| `meetings`     | meetings.\*                 |
| `billing`      | billing.\*                  |
| `support`      | support.\*                  |

Leave scopes empty to grant access to all tools.

## Role-Based Access

API keys inherit the role of their creator:

| Role       | Access                                                           |
| ---------- | ---------------------------------------------------------------- |
| **Owner**  | Full access to all tools and workspace settings                  |
| **Admin**  | Full access to all tools, cannot modify workspace settings       |
| **Member** | Read access to all data, write access scoped to assigned records |

<Tip>
  Create a dedicated "API" user with the appropriate role rather than using your personal account for production integrations.
</Tip>

## Example

<CodeGroup>
  ```python Python theme={null}
  import httpx

  client = httpx.Client(
      base_url="https://mcp.supersonic.cv",
      headers={"Authorization": "Bearer supersonic_live_abc123..."}
  )

  response = client.post("/", json={
      "jsonrpc": "2.0",
      "method": "tools/call",
      "params": {
          "name": "records.list",
          "arguments": {"object_type_slug": "companies"}
      },
      "id": 1
  })
  ```

  ```typescript TypeScript theme={null}
  const response = await fetch("https://mcp.supersonic.cv/", {
    method: "POST",
    headers: {
      "Authorization": "Bearer supersonic_live_abc123...",
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      jsonrpc: "2.0",
      method: "tools/call",
      params: {
        name: "records.list",
        arguments: { object_type_slug: "companies" }
      },
      id: 1
    })
  });
  ```

  ```bash curl theme={null}
  curl -X POST https://mcp.supersonic.cv/ \
    -H "Authorization: Bearer supersonic_live_abc123..." \
    -H "Content-Type: application/json" \
    -d '{
      "jsonrpc": "2.0",
      "method": "tools/call",
      "params": {
        "name": "records.list",
        "arguments": {"object_type_slug": "companies"}
      },
      "id": 1
    }'
  ```
</CodeGroup>