API Reference

Authentication

How to authenticate with the Stora REST API and MCP server using API keys.

Authentication#

Every request to the Stora API must include an API key in the Authorization header.

API Keys#

Generate keys at Settings > API & MCP in the Stora dashboard.

Authorization: Bearer sk_stora_...

API keys authenticate both the REST API and the MCP server.

Creating a Key#

Go to Settings > API & MCP
Enter a name (e.g. "CI Pipeline", "Blitz", "MCP")
Click Create Key
Copy the key immediately — it is shown only once

Security#

Keys grant full access to your account. Treat them like passwords.
Store keys in environment variables. Never commit them to version control.
Rotate keys regularly. Delete unused keys from the settings page.
Each key has a unique prefix (e.g. sk_stora_abc...xyz) for identification.

Rate Limits#

API requests are limited to 100 requests per minute per API key. Exceeding the limit returns a 429 response with a Retry-After header.

Example#

bash

curl -H "Authorization: Bearer sk_stora_..." \
  https://www.stora.sh/api/v1/projects

MCP Server#

The same API key authenticates the Stora MCP server for use with Claude Code and other AI tools:

json

{
  "mcpServers": {
    "stora": {
      "command": "npx",
      "args": ["-y", "@stora-sh/mcp"],
      "env": {
        "STORA_API_KEY": "sk_stora_..."
      }
    }
  }
}

See the MCP setup guide for full instructions.

Error Responses#

| Status | Meaning | |---|---| | 401 | Missing or invalid API key | | 403 | Key valid but insufficient permissions | | 429 | Rate limit exceeded — check Retry-After header |