Most users do not need to handle authentication directly. Sign in at openrush.io, connect your AI agent from Setup, and OpenRush handles access for you. Developers can also create API keys for server-side integrations.

Use the Dashboard:
  • Setup to connect an AI agent.
  • API access to create and revoke API keys.
  • Activity to see recent API and MCP usage.

API keys for developers

Send your key in the Authorization header:
curl "https://api.openrush.io/v1/me/credits" \
  -H "Authorization: Bearer $OPENRUSH_KEY"
You can also send the key in the X-API-Key header:
curl "https://api.openrush.io/v1/me/credits" \
  -H "X-API-Key: $OPENRUSH_KEY"
API keys use the or_ prefix. The full key is returned only once when it is created. OpenRush stores a hash, fingerprint, and display prefix, not a retrievable raw key.

Dashboard sessions

When you use the Dashboard or OAuth-based MCP, OpenRush uses your signed-in account. You do not need to copy tokens manually. For advanced integrations, public API routes can also accept a valid Dashboard session bearer token:
curl "https://api.openrush.io/v1/me/credits" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN"
OpenRush maps that session to the same account used by API keys. This keeps credits, usage, and billing shared across Dashboard, API key, and MCP access.

Unauthenticated endpoints

This public endpoint does not require an API key:
| Method | Path | Purpose |
| --- | --- | --- |
| GET or POST | /v1/capabilities | Discover enabled tools and sources |

Create and revoke user credentials

You can create and revoke keys in API access, or use the account API directly. Create a new key for the current account:
curl -X POST "https://api.openrush.io/v1/me/api-credentials" \
  -H "Authorization: Bearer $OPENRUSH_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"production agent"}'
Revoke a key owned by the current account:
curl -X POST "https://api.openrush.io/v1/me/api-credentials/$CREDENTIAL_ID/revoke" \
  -H "Authorization: Bearer $OPENRUSH_KEY"
Store the key returned by the create request immediately. It is shown once and cannot be retrieved later.
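
The storage model under "API keys for developers" (a hash, fingerprint, and display prefix kept instead of the raw key) and the create/revoke lifecycle above, as an added example that is not OpenRush's own code. The SHA-256 hash, record field names, key length, and in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PREFIX = "or_"      # key prefix stated on the page
DISPLAY_LEN = 8     # assumption: characters kept for display in a dashboard
store = {}          # hypothetical store: credential_id -> record (no raw key)

def _digest(raw_key: str) -> str:
    # Keys are long random strings, so a fast hash is adequate here.
    # SHA-256 is an assumption, not OpenRush's documented choice.
    return hashlib.sha256(raw_key.encode()).hexdigest()

def create_key(name: str) -> tuple[str, str]:
    """Return (credential_id, raw_key). The raw key is returned once, never stored."""
    raw_key = PREFIX + secrets.token_urlsafe(32)
    digest = _digest(raw_key)
    cred_id = secrets.token_hex(8)
    store[cred_id] = {
        "name": name,
        "hash": digest,                         # used to verify presented keys
        "fingerprint": digest[:12],             # short id for logs and activity views
        "display_prefix": raw_key[:DISPLAY_LEN],
        "revoked": False,
    }
    return cred_id, raw_key

def authenticate(presented: str):
    """Return the credential id for a valid, unrevoked key, else None."""
    if not presented.startswith(PREFIX):
        return None
    digest = _digest(presented)
    for cred_id, rec in store.items():
        # Constant-time comparison of the stored and computed hashes.
        if hmac.compare_digest(rec["hash"], digest):
            return None if rec["revoked"] else cred_id
    return None

def revoke(cred_id: str) -> None:
    store[cred_id]["revoked"] = True
```

Because only the digest is kept, a lost key cannot be recovered from the record; the remedy is to create a new key and revoke the old one.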