Skip to main content

Unauthenticated access

The Keenable MCP server and CLI work without an API key. Free access is limited to 1,000 requests per hour (and at most 10 requests per second). For more information, see rate limits.

Authenticated access

Log in to obtain an API key and access to higher rate limits. Authenticated access removes the hourly request limit and applies a per-organization per-second limit.

CLI

Run keenable login and follow the browser flow to authenticate. The CLI uses device authorization, so an agent can provide the link for a human to complete. 
keenable login

MCP

The easiest way is via the CLI: 
# if not authenticated yet
keenable login

keenable configure-mcp --all
This detects supported clients and configures them with your credentials. Alternatively, create an API key in the console and add it manually — see API key header below.

API key header

For manual MCP setup, pass your API key as the X-API-Key header. 
claude mcp add keenable \
  --transport http https://api.keenable.ai/mcp \
  --scope user \
  --header "X-API-Key: keen_<your_key>"
Keys are scoped to your workspace, never expire on their own, and can be rotated at any time. Alternatively, you can pass your API key in the Authorization header using the Bearer scheme. This can be useful when integrating with MCP clients or frameworks that only support bearer tokens. 
Authorization: Bearer keen_<your_key>
If both headers are present, X-API-Key takes precedence.

Error responses

StatusMeaning
400Malformed API key (invalid format)
401Missing or invalid API key
403API key disabled or revoked
429Rate limit exceeded