API keys

API keys are the only way to authenticate with the Flik API from the CLI and MCP. You create and manage them in the web app.

Creating a key

1. Sign in at the Flik web app.
2. Go to Keys (or Dashboard → Keys).
3. Click to create a new key and give it a name (e.g. “CLI”, “Cursor MCP”).
4. Copy the key immediately — the full value is shown only once. Store it in FLIK_KEY or in a .flik file for the CLI/MCP.

Keys have the form flik_ followed by a long hex string. They are stored hashed; only the prefix is shown in the list later.

Using a key

• CLI — Set FLIK_KEY in the environment or in a .flik file, or pass the key to flik auth login [api-key].
• MCP — Set FLIK_KEY (or use a .flik file in a directory that Cursor runs from). You can also override per-tool via the api_key argument.

Send the key as a Bearer token:

Authorization: Bearer flik_<your-key>

Rotating and deleting

• Rotate — From the Keys page, rotate a key. The old key stops working immediately; the new key is shown once. Update your CLI/MCP config with the new value.
• Delete — Removes the key; it stops working immediately. Use this when retiring a key or revoking access.

Key types (human vs agentic)

Keys can be created as human or agentic. Agentic keys may be restricted (e.g. no project delete, or only update issues assigned to that key). See the API and architecture docs for details. For typical developer and PM use, human keys are the default.