- To call the MCPJam API, you want the MCPJam API key (
sk_…) — the first one below. - Two others here are third-party secrets you supply, not keys MCPJam issues — they’re listed only because the name collides.
- One older key (
mcpjam_…) is retired and no longer works.
MCPJam API key (sk_…)
The key for the MCPJam API — programmatic access to live MCP server diagnostics at https://app.mcpjam.com/api/v1/.... This is the one to reach for whenever you mean “the MCPJam API key.”
Where it lives: Settings → API keys in the hosted app — that link takes you straight to key creation (sign in if prompted; you’ll land back on the page). Shown exactly once at creation — store it in your own secret manager or an environment variable.
When it’s used: Every Authorization: Bearer sk_… request to /api/v1/* — validating servers, running the doctor, listing tools/prompts/resources, reading resources, exporting snapshots, and saving @mcpjam/sdk eval results (set MCPJAM_API_KEY to this key; see Saving Results).
Errors you might see
401 UNAUTHORIZED→ invalid or revoked key.401withdetails.reason: "ORPHANED_KEY"→ the key lost its organization binding; create a new one from Settings.403 FORBIDDEN(“API keys cannot manage other API keys”) → you pointed ansk_…key at the key-management endpoints; key management is UI-only.429 RATE_LIMITED→ per-key rate limit (60/min, burst 10); honorRetry-After.
LLM provider key — not an MCPJam key
A secret from an LLM provider (OpenAI, Anthropic, Google, xAI, Groq, Mistral, …). MCPJam never issues this — it just uses the key you paste in to call that provider on your behalf. Where it lives: Settings → LLM Providers. When it’s used: Every Playground chat against a provider model that isn’t MCPJam’s free hosted model. Errors: “Invalid API key for OpenAI / Anthropic / …” → wrong, expired, or for a different project. (“MCPJam model limit reached” is a different problem.) You don’t need one to run inspector probes (Tools, Resources, Prompts, OAuth Debugger, conformance) — those only talk to MCP servers.Playground BYOK — not an MCPJam key
A per-server bearer token for an HTTP MCP server that requiresAuthorization: Bearer .... MCPJam forwards it to that one server only; it never authenticates you to MCPJam.
Where it lives: Servers card → Headers field, or config.json under mcpServers.<name>.headers.Authorization (e.g. "Authorization": "Bearer ${MY_SERVER_TOKEN}").
When it’s used: Every request the inspector makes to that MCP server.
Errors: auth/http_401, auth/http_403 — the target server rejected the token.
Project API Key (mcpjam_…) — retired
This was a project-scoped token for @mcpjam/sdk / CLI traffic to the hosted backend, read from the MCPJAM_API_KEY environment variable. If your CI logs show 410 reporting errors, this retirement is why. To fix CI: upgrade @mcpjam/sdk, replace the MCPJAM_API_KEY value with an sk_… key from Settings → API keys, and (optionally) set MCPJAM_PROJECT_ID to keep filing results under the same project — otherwise they land in your org’s Default project. Old SDK versions’ default auto-save path warns and continues, so eval runs themselves keep passing either way.
Quick reference
| Key | Format | Issued by | Use it for |
|---|---|---|---|
| MCPJam API key | sk_… | Settings → API keys | The MCPJam API (/api/v1/*) |
| LLM provider key | provider-specific | the LLM provider | Playground chat — third-party |
| Playground BYOK | server-specific | your MCP server | Authenticating to one MCP server — third-party |
| Project API Key | mcpjam_… | — (no longer issued) | Retired — no longer works |

