Authentication
All Syncello API requests require authentication via a Bearer token. This page explains how to find your API key and use it in requests.
Finding Your API Key
Your API key is available in the Syncello dashboard:
- Log in to app.syncello.io
- Navigate to Settings in the sidebar
- Click the API Keys tab
- Your key is displayed — click the copy icon to copy it to your clipboard
Tip: Your API key is a JWT token. It contains minimal claims (subject, issued-at, issuer) and does not expire automatically. Treat it like a password.
Refreshing Your API Key
If your key is compromised or you want to rotate it:
- Go to Settings → API Keys
- Click Regenerate Key
- Confirm the action — your old key will be immediately invalidated
- Update your integrations with the new key
Warning: Regenerating your key will break any existing integrations using the old key. Make sure to update all MCP clients and API calls.
Using Your API Key
Include your key in the Authorization header of every request:
Authorization: Bearer YOUR_API_KEYExample Request
curl -X POST https://api.syncello.io/v1/tools/tape/listApps \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{}'Error Responses
| Status | Meaning |
|---|---|
401 | Missing or invalid API key |
403 | Key is valid but lacks permission for this action |
Security Best Practices
- Never commit your API key to version control
- Use environment variables to store the key
- Regenerate immediately if you suspect the key has been exposed
- Use the minimum required scopes when configuring MCP access