Overview
API keys are used to authenticate your applications with Simforge. Each API key is scoped to an organization and can be used to:
- Call functions via the SDK
- Send traces to Simforge
- Access the Simforge API
- Connect coding agents via MCP (Model Context Protocol)
Creating an API Key
- Click your profile avatar in the top-right corner of the Simforge web portal
- Select API Keys from the dropdown menu
- Click Create API Key
- Enter a name for your API key (e.g., “Production”, “Development”)
- Copy the generated API key immediately - it will only be shown once
Store your API key securely. Never commit API keys to version control or expose them in client-side code.
Using API Keys
Environment Variables
The recommended way to use API keys is through environment variables:
# .env
SIMFORGE_API_KEY=sf_your_api_key_here
SDK Configuration
Pass your API key when initializing the SDK:
import { Simforge } from "@goharvest/simforge"

const client = new Simforge({
  apiKey: process.env.SIMFORGE_API_KEY,
})
VS Code Extension
Configure your API key in VS Code settings:
- Open VS Code Settings (Cmd+, or Ctrl+,)
- Search for “Simforge”
- Enter your API key in the Simforge: Api Key field
Or use the command palette:
- Open Command Palette (Cmd+Shift+P or Ctrl+Shift+P)
- Run Simforge: Set API Key
- Enter your API key
MCP (Model Context Protocol)
For coding agents like Cursor and Claude Code, API keys are used to authenticate MCP connections:
Quick Setup: Visit the Simforge setup page for automatic configuration with your API key embedded.
Manual Setup: Include your API key in the MCP configuration:
{
  "mcpServers": {
    "simforge": {
      "type": "streamable-http",
      "url": "https://simforge.goharvest.ai/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}
See the MCP Setup guide for detailed instructions.
Managing API Keys
Viewing API Keys
Click your profile avatar and select API Keys to view all API keys for your organization. You can see:
- Key name
- Creation date
- Last used date
- Partial key (last 4 characters)
Revoking API Keys
To revoke an API key:
- Click your profile avatar and select API Keys
- Find the API key you want to revoke
- Click the Revoke button
- Confirm the revocation
Revoking an API key is immediate and permanent. Any applications using the revoked key will stop working.
Best Practices
- Use separate keys for different environments: Create separate API keys for development, staging, and production
- Rotate keys regularly: Periodically create new keys and revoke old ones
- Use descriptive names: Name your keys clearly to identify their purpose
- Monitor usage: Check the “Last Used” date to identify unused keys
MCP-Specific Security
When using API keys with coding agents:
- Secure storage: MCP configurations are stored locally on your development machine - ensure it’s encrypted and secure
- Team access: Be cautious about sharing MCP configurations that contain API keys
- Development vs production: Consider using separate organizations or API keys for different environments
- Review agent behavior: Understand how your coding agent handles and logs API requests
Some MCP clients may log requests or store configuration in plaintext. Review your agent’s security practices and consider the sensitivity of your traced data.
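The plaintext-storage risk described above can be checked mechanically. The following is an added example, not Simforge's own code: a Node.js function that audits an MCP configuration of the shape shown under Manual Setup for literal bearer keys, cleartext URLs and loose file permissions, reporting each key by its last 4 characters only. The function names, finding labels, the `${VAR}` convention and the sample key are assumptions constructed for illustration.

```javascript
// Added example, not Simforge code. Flags API keys stored literally in an MCP config.
// Assumption: a value of YOUR_API_KEY or a ${VAR}-style reference is not a real key;
// whether a given MCP client expands ${VAR} depends on that client.
const NOT_A_KEY = /^(YOUR_API_KEY|\$\{?[A-Za-z_][A-Za-z0-9_]*\}?)$/;

// Report a key by its last 4 characters only, as the API Keys page does.
function redact(token) {
  return token.length > 4 ? "****" + token.slice(-4) : "****";
}

// jsonText: MCP config contents; mode: permission bits, e.g. fs.statSync(path).mode.
function auditMcpConfig(jsonText, mode) {
  const findings = [];
  const servers = JSON.parse(jsonText).mcpServers || {};
  for (const [name, server] of Object.entries(servers)) {
    for (const [header, value] of Object.entries(server.headers || {})) {
      if (header.toLowerCase() !== "authorization") continue;
      const m = /^Bearer\s+(\S+)$/i.exec(String(value));
      if (!m || NOT_A_KEY.test(m[1])) continue;
      findings.push({ server: name, issue: "literal-key", key: redact(m[1]) });
      // A bearer key sent over plain HTTP is readable on the network path.
      if (/^http:\/\//i.test(server.url || "")) {
        findings.push({ server: name, issue: "cleartext-url" });
      }
    }
  }
  // A file holding a literal key should not be readable by group or others.
  if (findings.length > 0 && (mode & 0o077) !== 0) {
    findings.push({ server: "*", issue: "file-readable-by-others" });
  }
  return findings;
}

// Constructed sample in the Manual Setup shape; the key is made up.
const sampleConfig = JSON.stringify({
  mcpServers: {
    simforge: {
      type: "streamable-http",
      url: "https://simforge.goharvest.ai/mcp",
      headers: { Authorization: "Bearer sf_constructed_example_key_1234" },
    },
    template: {
      type: "streamable-http",
      url: "https://simforge.goharvest.ai/mcp",
      headers: { Authorization: "Bearer YOUR_API_KEY" },
    },
  },
});
console.log(auditMcpConfig(sampleConfig, 0o644));
```

The permission check assumes a POSIX file mode; on Windows the mode bits do not reflect ACLs, so only the first two findings are meaningful there.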