Your workspace API key is the shared secret that proves automated clients belong to your PingChange workspace. It is created automatically when the workspace is provisioned; you manage it from the dashboard—there is no separate signup step for the key itself.
Open API keys in Settings
- Go to Dashboard → Settings.
- In the left sidebar, select API keys (not Workspace, which is for name and location only).
- Find the Workspace API key card at the top of the page.
The card explains that this key is used for the Workspace API, RSS feeds, and your MCP server.
Copy or reveal the key
The secret is hidden by default (shown as a password field).
- Click Show to reveal the key in the field (useful before copying manually).
- Click Copy to copy the full secret to your clipboard.
Store the key like a password. Anyone who has it can read private feeds and call MCP tools with your workspace’s permissions.
Regenerate the key
If the key was exposed (pasted in chat, committed to git, or embedded in a public RSS URL), rotate it:
- On the same card, click Regenerate key (destructive action).
- Wait for the success toast.
- Update every integration that used the old value:
- RSS feed URLs (
apiKey=query parameter) - MCP client config (
Authorization: Bearer …) - Any scripts or tools that call PingChange APIs with the key
- RSS feed URLs (
Old URLs and Bearer tokens stop working immediately after regeneration.
Where the key is used
| Integration | How the key is sent |
|---|---|
| RSS | Query parameter: ?apiKey=YOUR_WORKSPACE_API_KEY |
| MCP | HTTP header: Authorization: Bearer YOUR_WORKSPACE_API_KEY |
| Workspace API | Same Bearer header on supported REST routes |
See RSS feeds and MCP integration for setup steps that reference this key.
Security practices
- Prefer HTTPS only; never send the key over plain HTTP in production.
- Do not commit keys to repositories or post feed URLs in public channels.
- Regenerate promptly if you suspect leakage; update clients before sharing new URLs.