Skip to main content

Documentation Index

Fetch the complete documentation index at: https://kasava.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

Navigate to Settings → API Keys to manage your API access tokens for programmatic access to Kasava.

Viewing Your API Keys

The API Keys page displays all your active keys with the following information:
FieldDescription
NameThe descriptive name you assigned to the key
Key PrefixA masked preview showing only the key prefix (e.g., ksa_****)
CreatedWhen the key was created
Last UsedWhen the key was last used for an API request
ExpiresThe expiration date, if one was set
StatusVisual badges indicating if a key is Expired or Expiring soon

Creating an API Key

1

Open API Keys

Go to Settings → API Keys
2

Click Create

Click Create API Key (or Create New API Key if you already have keys)
3

Enter a Name

Provide a descriptive name to help you identify this key (e.g., “Production Server”, “CI/CD Pipeline”, “Local Development”)
4

Set Expiration (Optional)

Click the date picker to set an expiration date for the key. If left empty, the key will never expire.
5

Create and Copy

Click Create API Key. Your new key will be displayed. Copy it immediately using the copy button.
Your API key is only displayed once at creation. Store it securely in a password manager or secrets vault. You cannot retrieve the key again - if you lose it, you’ll need to regenerate or create a new key.

Viewing API Key Usage

Monitor how your API keys are being used:
1

Open Key Menu

Click the (three dots) menu button on the key you want to inspect
2

Select View Usage

Click View Usage to open the usage statistics dialog
The usage dialog displays:
MetricDescription
Total RequestsAll-time number of API requests made with this key
Requests TodayNumber of requests made in the current day
This MonthNumber of requests made in the current month
Last UsedThe exact date and time the key was last used
If an API key shows no usage, ensure you’re including it in your requests using the X-API-Key header.

Regenerating an API Key

If you suspect a key has been compromised or need to rotate keys:
1

Open Key Menu

Click the (three dots) menu button on the key
2

Select Regenerate

Click Regenerate from the dropdown menu
3

Confirm

Review the warning that the current key will be invalidated, then click Regenerate
4

Copy New Key

Copy your new API key immediately - it won’t be shown again
Regenerating a key immediately invalidates the old key. Any applications using the old key will stop working and will need to be updated with the new key.

Deleting an API Key

1

Open Key Menu

Click the (three dots) menu button on the key
2

Select Delete

Click Delete from the dropdown menu
3

Confirm Deletion

Review the warning, then click Delete to permanently remove the key
Deleting an API key is permanent and cannot be undone. Any applications using this key will no longer be able to authenticate.

Using API Keys

Include your API key in the X-API-Key header when making requests: 
curl -H "X-API-Key: $KASAVA_API_KEY" https://api.kasava.dev/v1/repositories
Store your API key in an environment variable (e.g., export KASAVA_API_KEY=ksa_...) rather than pasting it directly into commands.

Using API Keys with IDE & MCP Integrations

API keys also authenticate connections from AI coding tools like Claude Code, Cursor, and Claude Desktop via the MCP (Model Context Protocol) server.

Claude Code Plugin

The Kasava plugin prompts for your API key during setup and stores it securely in your system keychain. No manual configuration needed.

Manual MCP Setup

For Cursor, Claude Desktop, or other MCP clients, include your API key as a Bearer token: 
{
  "mcpServers": {
    "kasava": {
      "url": "https://api.kasava.dev/v1/mcp/sse",
      "headers": {
        "Authorization": "Bearer kasava_live_YOUR_KEY"
      }
    }
  }
}
See the MCP Setup guide for platform-specific instructions.
Create a dedicated API key for each IDE integration (e.g., “Claude Code - Work Laptop”, “Cursor - Personal”) so you can track usage and revoke access individually.

Best Practices

  1. Use descriptive names - Name keys after their purpose (e.g., “GitHub Actions CI”, “Claude Code”, “Cursor”)
  2. Set expiration dates - For temporary access or compliance requirements, set keys to expire
  3. Rotate regularly - Regenerate keys periodically to limit exposure if a key is compromised
  4. Monitor usage - Check usage statistics to detect unexpected activity
  5. Never commit keys - Store API keys in environment variables or secrets managers, never in code
  6. One key per integration - Create separate keys for each tool so you can revoke individually

General Settings

Account preferences

Organization

Team and usage management