API Keys & Authentication

API keys authenticate MCP clients (like the Barrd CLI) and any direct API calls. Manage them from your profile page under API Keys.

Click Create API Key. Give it a name (e.g. “Claude Code” or “CI pipeline”) and optionally select scopes.

The full key is shown once. Copy it. It won’t be displayed again.

The profile page also shows the key in a ready-to-paste MCP config block:

MCP config
{
  "barrd": {
    "command": "/usr/local/bin/barrd-mcp",
    "env": {
      "BARRD_API_KEY": "live_..."
    }
  }
}

Scopes restrict what a key can access. Leave scopes empty for full access.

Available resources: sessions, tasks, plans, decisions, documents, projects.

Each resource supports :read and :write permissions. A :write scope includes read access for that resource.

Scope reference
sessions:read     View session data
sessions:write    Create and update sessions
tasks:read        View tasks and progress logs
tasks:write       Create, update, and delete tasks
plans:read        View plans and status
plans:write       Create and update plans
documents:read    View documents
documents:write   Create and update documents
decisions:read    View decisions
decisions:write   Create and update decisions
projects:read     View projects
projects:write    Create and manage projects

The API Keys section on your profile shows all active keys with:

  • Key name
  • Key prefix (first characters, for identification)
  • Scopes
  • Created date
  • Last used date

Click Revoke to permanently disable a key. Revoked keys stop working immediately.

Barrd doesn’t expire keys automatically. To rotate:

  1. Create a new key
  2. Update your MCP config or environment variables
  3. Revoke the old key
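
The scope rules and the key listing described above can be checked with a short script. This is an added example, not Barrd's own code: the key inventory is constructed by hand from the fields the profile page shows, and the function names and the 90-day rotation threshold are assumptions.

```python
from datetime import date

# Resources listed on this page.
RESOURCES = {"sessions", "tasks", "plans", "decisions", "documents", "projects"}

def parse_scope(scope):
    """Split 'tasks:read' into ('tasks', 'read'); reject anything else."""
    resource, sep, perm = scope.partition(":")
    if not sep or resource not in RESOURCES or perm not in ("read", "write"):
        raise ValueError(f"unknown scope: {scope!r}")
    return resource, perm

def allows(key_scopes, required):
    """True if a key holding key_scopes may perform the `required` scope."""
    resource, perm = parse_scope(required)
    if not key_scopes:                      # empty scope list means full access
        return True
    granted = {parse_scope(s) for s in key_scopes}
    if (resource, "write") in granted:      # :write includes read access
        return True
    return (resource, perm) in granted

def audit(keys, today, max_age_days=90):
    """Return (key name, finding) pairs. max_age_days is an assumed local policy."""
    findings = []
    for k in keys:
        if not k["scopes"]:
            findings.append((k["name"], "no scopes: full access"))
        if (today - k["created"]).days > max_age_days:
            findings.append((k["name"], "older than rotation policy"))
        if k["last_used"] is None:
            findings.append((k["name"], "never used: candidate for revocation"))
    return findings

# Constructed inventory mirroring the fields shown in the API Keys section.
KEYS = [
    {"name": "Claude Code", "scopes": [],
     "created": date(2025, 1, 10), "last_used": date(2025, 6, 1)},
    {"name": "CI pipeline", "scopes": ["tasks:write", "plans:read"],
     "created": date(2025, 5, 20), "last_used": None},
]

if __name__ == "__main__":
    for name, finding in audit(KEYS, today=date(2025, 6, 15)):
        print(f"{name}: {finding}")
```
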

2FA adds a TOTP code to your login. Set it up from your profile page:

  1. Click Enable 2FA
  2. Scan the QR code with an authenticator app (1Password, Authy, Google Authenticator)
  3. Enter the code to confirm

Barrd generates backup codes when you enable 2FA. Save them somewhere safe. Each backup code works once.