Invoker

Appearance

Authentication

All authenticated API endpoints require a valid API key sent in the Authorization header.

API key format

API keys use an inv_ prefix followed by a random string:

inv_a1b2c3d4e5f6g7h8i9j0...

Keys are stored as SHA-256 hashes in the database. The plaintext key is only shown once at creation time.

Sending your API key

Include the key as a Bearer token in every authenticated request:

bash
curl https://api.invoker.page/deploy \
  -H "Authorization: Bearer inv_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"html": "<h1>Hello</h1>"}'

Obtaining an API key

There are two ways to get an API key:

Browser login flow

The MCP server's login tool opens your browser to complete email-based verification. On success, an API key is generated and saved to ~/.invoker/credentials.json.

Dashboard

You can generate and manage API keys from the dashboard at invoker.page/dashboard. This is useful for creating additional keys or revoking compromised ones.

Multiple keys

Each account supports multiple API keys. Use separate keys for different environments or integrations -- revoking one key does not affect the others.

Environment variable

When using the MCP server, you can set the INVOKER_API_KEY environment variable instead of going through the browser login flow:

bash
export INVOKER_API_KEY=inv_your_api_key_here

This is useful for CI/CD pipelines, Docker containers, or any headless environment where a browser is not available. When this variable is set, the MCP server uses it directly and skips the login flow.

You can also pass it in your MCP server configuration:

json
{
  "mcpServers": {
    "invoker": {
      "command": "npx",
      "args": ["-y", "invoker-mcp"],
      "env": {
        "INVOKER_API_KEY": "inv_your_api_key_here"
      }
    }
  }
}

Key management

Manage your API keys from the Invoker dashboard:

  • View all active keys and their creation dates
  • Generate new keys
  • Revoke keys that are no longer needed or may be compromised

Keep keys secret

API keys grant full access to your account. Do not commit them to version control, expose them in client-side code, or share them publicly.

Deploy forms and sites from AI conversations.

Invoker