What a Project Key does
It authenticates runtime calls from your project to SkillHub REST or MCP boundaries, while preserving policy checks, limits, and logs.
Developer operations
Project Keys
Project Keys are scoped credentials for runtime calls. They connect a signed-in project to approved Skills without exposing user secrets publicly.
Why runtime calls require it
SkillHub separates public inspection from execution. Project Keys prove project ownership and let operators audit who invoked what.
Create a key in 3 steps
Open the developer workspace, create or select a project, then issue a scoped key for the approved Skill set you plan to call.
REST example
Send Authorization: Bearer PROJECT_KEY to the runtime invoke endpoint with a Skill slug and typed input payload. Keep keys server-side.
MCP config example
Use the SkillHub MCP endpoint with a project-scoped key so Agent workbenches can list and call approved tools.
Rotate, revoke, audit
Rotate keys when owners change, revoke keys when a project is retired, and use logs to investigate runtime or billing-preview questions.
FAQ
Common questions
Can anonymous users invoke Skills?
No. Production runtime calls require a signed-in project and Project Key.
Should Project Keys appear in browser code?
No. Keep Project Keys server-side or inside trusted MCP configuration.