API keys
API keys are bearer tokens for programmatic access to Vantaj. One key works for both surfaces:
- The REST API at
api.vantaj.co- full CRUD for monitors, heartbeats, domains, status pages, and incidents - The MCP server at
api.vantaj.co/mcp- connect Claude, Cursor, and other AI tools to your monitoring
Manage keys under Settings → API Keys. API access is available on paid plans.
Generating a key
- Go to Settings → API Keys
- Click Generate key, give it a name, and pick its scopes
- Copy the key and store it somewhere safe
Keys look like vtj_live_…. A key is shown only once at creation time - there's no way to view it again afterwards, so copy it before closing the dialog. If you lose a key, revoke it and generate a new one.
Scopes
Each key carries scoped permissions - monitors:read, monitors:write, and so on per resource, or coarse read/write for everything. Scopes apply identically to REST and MCP requests, so a read-only key makes the entire MCP tool surface read-only for a connected AI assistant.
Keeping keys secure
Treat an API key like a password - anyone who has it gets access at its scope. Don't commit keys to source control, embed them in client-side code, or paste them into shared documents. Store them in a secrets manager or environment variable. For AI clients, prefer a dedicated key with the narrowest scopes that work, so you can revoke it independently.
Using a key
Both the REST API and the MCP server authenticate with a standard bearer header:
Authorization: Bearer vtj_live_your_key_here
- REST: see the interactive API docs for every endpoint
- MCP: see the MCP server guide for per-client setup (Claude, Claude Code, Cursor, and more)
Rate limits and plan limits are enforced per key across both surfaces.