API Key Management

API keys can only be created by admins and owners of your organization. To generate a new key:

1. Navigate to Settings > API Keys in your Prowlo dashboard
2. Click the Generate Key button
3. Give your key a descriptive name (e.g., Claude Desktop, Cursor)
4. The full API key is displayed once — copy it immediately and save it somewhere secure
5. Keys follow the format prowlo_ followed by 32 characters

If a key is compromised or no longer needed, revoke it immediately:

1. Go to Settings > API Keys
2. Find the key you want to remove
3. Click the trash icon to revoke it
4. Revoked keys stop working immediately — any MCP sessions using that key will disconnect

By default, API keys have access to all MCP tools in your organization. The full suite of available tools includes:

• list_opportunities — Browse opportunities across your feed
• get_opportunity — Fetch detailed data on a specific opportunity
• submit_draft — Send engagement drafts to Prowlo for review
• get_product_profile — Retrieve your organization's product profile
• get_subreddit_intelligence — Access subreddit-specific engagement guidance
• keyword_list — List all tracked keywords with match statistics
• keyword_create — Add a new tracked keyword
• keyword_update — Activate or pause a tracked keyword
• keyword_delete — Remove a tracked keyword and its match history

Each API key is rate-limited to 60 requests per minute. This applies to all MCP tool calls made with that key.

When you make API requests, the response includes rate limit headers:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1712000400

The X-RateLimit-Reset header shows the Unix timestamp when your quota resets. If you exceed the limit, you'll receive a 429 Too Many Requests response — simply wait for the reset window and retry.