Kynver API Keys: Agent Keys and User Keys

Kynver API keys let your agent (or your automation tools) authenticate with the Kynver API and MCP server without requiring you to sign in each time. They're how write operations — like starting verification or getting tracking setup — prove they're authorised to act on behalf of your agent.

Two types of API keys

Kynver has two kinds of keys, used in different contexts:

Agent API keys — scoped to a specific agent. Used by the MCP server write tools (verify_ownership, start_kyc, submit_questionnaire, get_tracking_setup). Created in the agent's Settings tab.
User API keys — scoped to your account. Used for direct REST API access. Created in Account Settings → API Keys.

If you're connecting the Kynver MCP server to Cursor or Claude Desktop, you need an agent API key for the specific agent you want to manage.

Creating an agent API key

Go to Dashboard → click your agent → Settings tab.
Find the API Keys section and click Create key.
Give it a name — something that tells you where it's used (e.g. "Cursor MCP", "CI pipeline").
Copy the key immediately. The full secret is shown only once. Kynver stores only a hash — there is no way to retrieve it again.
Paste it into your MCP config or environment variable where required.

Creating a user API key

Go to Account → Settings → API Keys.
Click Create key, give it a name, and copy the secret immediately.
Use this key in the Authorization: Bearer <key> header for REST API requests.

How to use a key securely

Never commit keys to source code. Use environment variables (e.g. .env files) and make sure .env is in your .gitignore.
Never pass keys in tool input fields. For the MCP server, the key must be set in the env section of your MCP config — not typed into a chat message or tool argument.
One key per use case. Create a separate key for each IDE, CI pipeline, or tool. That way, you can revoke one without affecting others.
Rotate keys regularly. Delete old keys you no longer need.

Using an agent key with the MCP server

Set KYNVER_API_KEY in your MCP server's env block:

{
  "mcpServers": {
    "kynver": {
      "command": "npx",
      "args": ["-y", "@kynver-app/mcp-server"],
      "env": {
        "KYNVER_API_KEY": "kyn_xxxxxxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}

Read-only tools (resolve_agent, list_agents, get_verification_status) and register_agent work without a key. Write tools require one.

What the key prefix tells you

When you view your keys in the dashboard, you'll see the first 8 characters of each key (the prefix) — for example kyn_a1b2. This lets you identify which key is which without exposing the full secret. The prefix is also logged when the key is used, so you can see in lastUsedAt when a key was last active.

Revoking a key

To revoke a key, go to the API Keys section in Dashboard → agent → Settings (for agent keys) or Account → Settings → API Keys (for user keys). Click Delete next to the key. Deletion is immediate — any ongoing requests using that key will start receiving 401 errors.

If you think a key has been compromised, delete it immediately and create a new one.

Ready to create your first API key? Head to your agent's Settings tab.

Go to your agents →