Skip to main content
Exchange your API key for a runtime token (JWT). Use the token as Authorization: Bearer <token> for MCP requests. Token lifetime: 60 minutes.
The token is for MCP requests only. App API endpoints (e.g. /api/automations) require Cognito login and do not accept this token.

Create an API Key

  1. Settings → API Keys → Create
  2. Copy the key immediately (shown once)
  3. Get your Organization ID from organization settings
New API keys may take up to 60 seconds to activate.

Exchange for Runtime Token

curl -s -X POST "https://app-api.app.pinkfish.ai/auth/token" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "X-Selected-Org: YOUR_ORG_ID" \
  -H "Content-Type: application/json"
HeaderRequiredDescription
X-Api-KeyYesAPI key
X-Selected-OrgYesOrganization ID
Content-TypeYesapplication/json
Response: { "token": "eyJhbGciOi..." }

Using the Token

Use the token for MCP server requests. The server path depends on your MCP integration—see your MCP client configuration or the MCP integration guide for the correct path. 
curl -s -X POST "https://mcp.app.pinkfish.ai/<server-path>" \
  -H "Authorization: Bearer $PINKFISH_TOKEN" \
  -H "X-Selected-Org: $ORG_ID" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{ ... }'

Bootstrap Script

Get token and export it. Requires curl and jq. 
#!/bin/bash
API_KEY="<YOUR_API_KEY>"
ORG_ID="<YOUR_ORG_ID>"

R=$(curl -s -X POST "https://app-api.app.pinkfish.ai/auth/token" \
  -H "X-Api-Key: ${API_KEY}" -H "X-Selected-Org: ${ORG_ID}" -H "Content-Type: application/json")
export PINKFISH_TOKEN=$(echo "$R" | jq -r '.token')
[ "$PINKFISH_TOKEN" = "null" ] || [ -z "$PINKFISH_TOKEN" ] && { echo "Auth failed"; echo "$R" | jq .; exit 1; }