Skip to main content
The Admin API uses a separate key type from the endpoint execution keys. Admin keys give you management access to create, update, and delete resources.

Key Types

Endprompt has two types of API keys:
Key TypePrefixPurpose
Endpoint Keyep_Execute endpoints only — for your application code
Admin Keyepa_Full management access — for Admin API and MCP
Admin keys can also execute endpoints, so you only need one key for both management and execution during development.

Creating an Admin API Key

1

Open API Keys

Click API Keys in the sidebar navigation of your dashboard.
2

Click Create API Key

Click the Create API Key button.
3

Select Admin Type

Under Key Type, select Admin. This creates a key with the epa_ prefix.
4

Set Permission Level

Choose a permission level:
  • ReadWrite — Full access to all operations (create, update, delete, read)
  • ReadOnly — Can only read resources (GET operations). Write attempts return 403.
5

Name Your Key

Give it a descriptive name:
  • MCP - VS Code
  • CI/CD Pipeline - Admin
  • Development - Local Admin
6

Copy the Key

Copy the displayed key immediately — you won’t see it again.
Admin API keys are shown only once at creation. Store them securely. If you lose a key, create a new one and revoke the old one.

Using Your Admin Key

Admin keys work with both the REST API and MCP server. Include the key in your requests:

REST API (x-api-key header)

curl -X GET https://api.endprompt.app/admin/v1/endpoints \
  -H "x-api-key: epa_your_admin_key_here"

REST API (Bearer token)

curl -X GET https://api.endprompt.app/admin/v1/endpoints \
  -H "Authorization: Bearer epa_your_admin_key_here"

MCP Server

MCP connections use the Bearer token format in the transport configuration. See MCP Server for setup details.

Permission Matrix

OperationReadWriteReadOnly
List / Get resources
Create resources❌ (403)
Update resources❌ (403)
Delete resources❌ (403)
Execute endpoints
View logs & stats

Security Best Practices

Separate Keys by Environment

Use different admin keys for development, staging, and production.

Use ReadOnly Where Possible

If you only need to read data (monitoring, reporting), use a ReadOnly key.

Store Keys Securely

Use environment variables or secret managers. Never commit keys to git.

Rotate Periodically

Create new keys, update your integrations, then revoke old keys.