POST /api/mcp/keys
Generate (or regenerate) an API key
Section titled “Generate (or regenerate) an API key”POST /api/mcp/keysAuthorization: Bearer <supabase-session-cookie>This endpoint is called by the FitRepo Settings UI. It generates a new 32-byte hex API key and stores a hash of it in user_settings.
If a key already exists, it is replaced. The previous key stops working immediately.
Response
Section titled “Response”HTTP 200
{ "key": "a3f8c2...64 hex chars..." }The key is returned once only — FitRepo stores only the hash and cannot recover the plaintext later. Store it securely.
Revoke an API key
Section titled “Revoke an API key”DELETE /api/mcp/keysAuthorization: Bearer <supabase-session-cookie>Removes the API key from user_settings. Any MCP server or API client using the old key will immediately receive 401 errors.
Response
Section titled “Response”HTTP 200
{ "ok": true }- These endpoints use Supabase session cookies (set by the web app login), not the API key itself — you can’t use your API key to generate a new API key.
- To generate a key programmatically (e.g. in a self-hosted setup), use the Settings UI in the web app.