
MCP keys vs API keys

SureFeedback has two types of keys:
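|             | API Keys            | MCP Keys                   |
|-------------|---------------------|----------------------------|
| Purpose     | REST API access     | AI assistant access via MCP |
| Auth header | X-API-Key           | X-API-Key                  |
| Scope       | Organisation        | Active project             |
| Created at  | Settings → API Keys | Integrations → AI / MCP    |
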
MCP keys are regular API keys with token_type: mcp. They are project-scoped — all tools and resources automatically operate within your active project.

Creating a key

Go to Integrations → AI / MCP → Manage MCP Keys → Create MCP Key. Select one or more permissions:

| Permission | What it allows in MCP |
|------------|-----------------------|
| Read       | search-comments, get-comment, search-sites, search-mockups, get-mockup-comments, list-members, summarize-feedback, get-pending-tasks, all resources |
| Write      | update-comment-status, assign-comment |
| Delete     | Future destructive operations |

For a read-only AI assistant, grant only Read. For an assistant that can update statuses and assign comments, add Write.

Passing the key

Pass your MCP key in the X-API-Key header on every request:

    POST https://api.surefeedback.com/mcp
    X-API-Key: sf_your_key_here
    Content-Type: application/json

Authorization: Bearer sf_your_key_here also works.
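
A client-side sketch of the request above, added here as an example and not taken from SureFeedback's own code: it reads the key from the environment, refuses tools that the key's permissions (per the table under "Creating a key") do not cover, and builds the request without sending it. The variable name SUREFEEDBACK_MCP_KEY, the tool arguments and the sample key are assumptions; the JSON-RPC tools/call message shape comes from the MCP specification, not from this page.

```python
import json
import os
import urllib.request

MCP_URL = "https://api.surefeedback.com/mcp"  # endpoint shown on this page

# Tool -> permission mapping, copied from the permissions table on this page.
READ_TOOLS = ["search-comments", "get-comment", "search-sites", "search-mockups",
              "get-mockup-comments", "list-members", "summarize-feedback",
              "get-pending-tasks"]
WRITE_TOOLS = ["update-comment-status", "assign-comment"]
TOOL_PERMISSION = {**dict.fromkeys(READ_TOOLS, "read"),
                   **dict.fromkeys(WRITE_TOOLS, "write")}


def load_key(env=os.environ):
    """Read the key from the environment so it never lands in source control.
    SUREFEEDBACK_MCP_KEY is a hypothetical variable name."""
    key = env.get("SUREFEEDBACK_MCP_KEY", "").strip()
    if not key:
        raise RuntimeError("SUREFEEDBACK_MCP_KEY is not set")
    return key


def build_tool_call(key, granted, tool, arguments, request_id=1):
    """Build (not send) an MCP tools/call request. `granted` is the set of
    permissions selected when the key was created, e.g. {"read"}."""
    needed = TOOL_PERMISSION.get(tool)
    if needed is None:
        raise ValueError(f"unknown tool: {tool}")
    if needed not in granted:
        raise PermissionError(f"{tool} needs '{needed}', key has {sorted(granted)}")
    body = {"jsonrpc": "2.0", "id": request_id, "method": "tools/call",
            "params": {"name": tool, "arguments": arguments}}
    return urllib.request.Request(
        MCP_URL, data=json.dumps(body).encode(), method="POST",
        headers={"X-API-Key": key, "Content-Type": "application/json"})


def redact(key):
    """Form of the key that is safe to write to logs."""
    return key[:3] + "..." + key[-4:] if len(key) > 12 else "***"


if __name__ == "__main__":
    demo_key = "sf_constructed_key_0001"  # constructed sample, not a real key
    req = build_tool_call(demo_key, {"read"}, "search-comments", {"query": "login"})
    print(redact(demo_key), req.get_method(), req.full_url, req.data.decode())
```
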

Key lifecycle

  • Revoke — disables the key immediately without deleting it
  • Regenerate — issues a new secret; the old key stops working immediately
  • Delete — permanently removes the key
  • Expiry — optionally set an expiry date when creating a key

Security

  • Never commit MCP keys to source control
  • Use the minimum permissions needed
  • Regenerate keys if you suspect compromise
  • Set expiry dates for temporary integrations