API Keys

API keys are required to authenticate with Pixello's MCP server and web canvas. This guide explains how to create, manage, and use API keys.

What Are API Keys?

API keys are secure tokens that identify you when making requests to Pixello services. They allow Pixello to:

Authenticate your requests
Track usage and enforce rate limits
Provide personalized experiences
Ensure only authorized users can access Pixello services

Creating Your First API Key

Visit pixello.tech
Click Sign In in the header (or Dashboard if already signed in)
Sign in with Google or create an account with email/password

Step 2: Access the Dashboard

After signing in, you'll be redirected to your dashboard. If you're already signed in, click Dashboard in the header.

Step 3: Create an API Key

In the dashboard, click Create API Key
Enter a descriptive name for your key (e.g., "Production Key", "Development Key")
Click Create
Important: Copy your API key immediately - you won't be able to see it again!

API Key Limits

Each user can have up to 5 active API keys
This allows you to use different keys for different environments or projects
Delete unused keys to create new ones

Using API Keys

With MCP Server

When configuring the MCP server in Cursor, include your API key in the configuration:

{
  "mcpServers": {
    "pixello": {
      "url": "https://mcp.pixello.tech/sse",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY_HERE"
      }
    }
  }
}

Replace YOUR_API_KEY_HERE with your actual API key.

With Web Canvas

When making requests to the web canvas API, include your API key in the Authorization header:

fetch('https://studio.pixello.tech/api/designs', {
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY_HERE',
    'Content-Type': 'application/json'
  }
})

cURL Example

curl -X GET https://mcp.pixello.tech/api/verify \
  -H "Authorization: Bearer YOUR_API_KEY_HERE"

Managing API Keys

Viewing Your Keys

In your dashboard, you can see:

Key name
Creation date
Last used date (if applicable)
Status (Active/Inactive)

Note: For security, the full API key is only shown once when it's created. After that, only a masked version is displayed.

Revoking API Keys

Go to your dashboard
Find the API key you want to revoke
Click the Delete button (trash icon)
Confirm the deletion

Warning: Revoking an API key immediately invalidates it. Any applications or scripts using that key will stop working.

Best Practices

Use descriptive names: Name your keys based on their purpose (e.g., "Production", "Development", "CI/CD")
Rotate keys regularly: Delete and recreate keys periodically for better security
Don't share keys: Never commit API keys to version control or share them publicly
Use different keys: Use separate keys for different environments or projects
Revoke unused keys: Delete keys you're no longer using

Security

Protecting Your API Keys

Never commit keys to Git: Use environment variables or secure secret management
Don't share keys: Each key is tied to your account
Rotate compromised keys: If a key is exposed, delete it immediately and create a new one
Use environment variables: Store keys in .env files (and add them to .gitignore)

Example: Using Environment Variables

# .env file (add to .gitignore!)
PIXELLO_API_KEY=pk_live_your_key_here

// In your code
const apiKey = process.env.PIXELLO_API_KEY;

fetch('https://mcp.pixello.tech/api/endpoint', {
  headers: {
    'Authorization': `Bearer ${apiKey}`
  }
})

Troubleshooting

"Unauthorized: Invalid API key"

Verify you're using the correct API key
Check that the key hasn't been revoked
Ensure you're including the Bearer prefix: Bearer YOUR_API_KEY
Make sure there are no extra spaces or characters

"Maximum of 5 API keys allowed"

Delete an unused API key to create a new one
Consider if you really need 5 separate keys

"API key not found"

The key may have been deleted
Check that you copied the entire key when it was created
Create a new key if needed

API Key Format

Pixello API keys follow this format:

pk_live_<random_base64_string>

pk_live_ is the prefix indicating a production API key
The random string is a secure, base64url-encoded value

Next Steps

Now that you have an API key:

Configure the MCP Server with your API key
Create your first design
Learn about how Pixello works

Support

If you're having trouble with API keys:

Check the troubleshooting section above
Verify your account is active
Contact support if issues persist

What Are API Keys?​

Creating Your First API Key​

Step 1: Sign Up or Sign In​

Step 2: Access the Dashboard​

Step 3: Create an API Key​

API Key Limits​

Using API Keys​

With MCP Server​

With Web Canvas​

cURL Example​

Managing API Keys​

Viewing Your Keys​

Revoking API Keys​

Best Practices​

Security​

Protecting Your API Keys​

Example: Using Environment Variables​

Troubleshooting​

"Unauthorized: Invalid API key"​

"Maximum of 5 API keys allowed"​

"API key not found"​

API Key Format​

Next Steps​

Support​