Skip to main content
Enterprise Feature — API key permissioning is available on superglue Enterprise plans. Contact us to learn more.
superglue uses API keys to control access to tools and APIs. You can create keys with full access or restrict them to specific tools.

API key types

TypeAccess
UnrestrictedFull access to GraphQL, REST, MCP, and all tools
RestrictedREST and MCP only, limited to specific tools

Creating API keys

Create and manage API keys from the dashboard: API keys management page

Restricted keys

Restricted API keys can only access tools explicitly listed in their allowedTools configuration:
allowedTools valueMeaning
['*']All tools allowed (wildcard)
['tool-1', 'tool-2']Only these specific tools

What restricted keys can do

  • Execute tools via REST API (/v1/tools/{id}/run)
  • Execute tools via MCP server
  • List only their allowed tools

What restricted keys cannot do

  • Access the GraphQL API
  • View or execute tools not in their allowed list
  • Modify tool configurations

Use cases

AI Agent Access

Create restricted keys for AI agents that only allow access to approved tools

Third-Party Integrations

Share restricted keys with external services that only need to trigger specific tools

Example: Creating a restricted key for an agent

  1. Navigate to Settings → API Keys
  2. Click Create API Key
  3. Enable Restricted access
  4. Select the tools this key should access
  5. Copy the generated key
Use this key in your MCP configuration or REST API calls: 
// MCP server configuration with restricted key
{
  "mcpServers": {
    "superglue": {
      "command": "npx",
      "args": ["-y", "superglue-mcp"],
      "env": {
        "SUPERGLUE_API_KEY": "sg_restricted_xxx",
        "SUPERGLUE_API_URL": "https://api.superglue.cloud"
      }
    }
  }
}
The agent will only see and execute tools allowed by this key.