Authentication
All API endpoints (except form submission) require a valid API key.
API Key Format
API keys follow the format inv_ followed by a random string:
inv_a1b2c3d4e5f6g7h8i9j0...Keys are stored as SHA-256 hashes in the database. The plaintext key is only visible at creation time.
Sending Your Key
Include the API key as a Bearer token in the Authorization header:
bash
curl https://api.invoker.page/deploy \
-H "Authorization: Bearer inv_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"html": "<h1>Hello</h1>"}'Obtaining an API Key
Browser Login (MCP Server)
The MCP server's login tool opens your browser for email verification and generates a key saved to ~/.invoker/credentials.json.
Dashboard
Generate and manage keys at invoker.page/dashboard. From the dashboard you can:
- View active keys and their creation dates
- Generate new keys
- Revoke compromised keys
Environment Variable
For CI/CD pipelines or headless environments:
bash
export INVOKER_API_KEY=inv_your_api_key_hereOr pass it through MCP server configuration:
json
{
"mcpServers": {
"invoker": {
"command": "npx",
"args": ["-y", "invoker-mcp"],
"env": {
"INVOKER_API_KEY": "inv_your_api_key_here"
}
}
}
}WARNING
API keys grant full access to your account. Do not commit them to version control, expose them in client-side code, or share them publicly.