> ## Documentation Index
> Fetch the complete documentation index at: https://openrush.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Understand sign-in, MCP access, and API keys.

Most users do not need to handle authentication directly. Sign in at [openrush.io](https://openrush.io), connect your AI agent from [Setup](https://openrush.io/dashboard/connect), and OpenRush handles access for you.

Developers can also create API keys for server-side integrations.

## Recommended path

Use the Dashboard:

* [Setup](https://openrush.io/dashboard/connect) to connect an AI agent.
* [API access](https://openrush.io/dashboard/api) to create and revoke API keys.
* [Activity](https://openrush.io/dashboard/usage) to see recent API and MCP usage.

## API keys for developers

Send your key in the `Authorization` header:

```bash theme={null}
curl "https://api.openrush.io/v1/me/credits" \
  -H "Authorization: Bearer $OPENRUSH_KEY"
```

You can also send:

```bash theme={null}
curl "https://api.openrush.io/v1/me/credits" \
  -H "X-API-Key: $OPENRUSH_KEY"
```

API keys use the `or_` prefix. The full key is returned only once when it is created. OpenRush stores a hash, fingerprint, and display prefix, not a retrievable raw key.

## Dashboard sessions

When you use the Dashboard or OAuth-based MCP, OpenRush uses your signed-in account. You do not need to copy tokens manually.

For advanced integrations, public API routes can also accept a valid Dashboard session bearer token:

```bash theme={null}
curl "https://api.openrush.io/v1/me/credits" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN"
```

OpenRush maps that session to the same account used by API keys. This keeps credits, usage, and billing shared across Dashboard, API key, and MCP access.

## Unauthenticated endpoints

This public endpoint does not require an API key:

| Method          | Path               | Purpose                            |
| --------------- | ------------------ | ---------------------------------- |
| `GET` or `POST` | `/v1/capabilities` | Discover enabled tools and sources |

## Create and revoke user credentials

You can create and revoke keys in [API access](https://openrush.io/dashboard/api), or use the account API directly.

Create a new key for the current account:

```bash theme={null}
curl -X POST "https://api.openrush.io/v1/me/api-credentials" \
  -H "Authorization: Bearer $OPENRUSH_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"production agent"}'
```

Revoke a key owned by the current account:

```bash theme={null}
curl -X POST "https://api.openrush.io/v1/me/api-credentials/$CREDENTIAL_ID/revoke" \
  -H "Authorization: Bearer $OPENRUSH_KEY"
```

<Warning>
  Store the returned `key` immediately. It is shown once and cannot be retrieved later.
</Warning>
