API Key

Your API key is a persistent credential that authenticates all programmatic access to ShipStatic.

Format

ship-{64 hex characters}

Every key starts with the ship- prefix.

Properties

Where to find it

Your API key is available in the Web console under Settings > API key.

Usage

The CLI, SDK, and API all authenticate with your API key:

# CLI - flag or environment variable
ship ./dist --api-key ship-abc123...
export SHIP_API_KEY=ship-abc123...

// SDK - constructor option
new Ship({ apiKey: 'ship-abc123...' });

// API - Authorization header
Authorization: Bearer ship-abc123...

Configuration

Store your API key once and every tool picks it up:

Run ship config to store your key interactively.

Note: file-based config (.shiprc, package.json) is read by the CLI only. SDK consumers — and SDK-based integrations like the MCP server, VS Code extension, and n8n node — get credentials from constructor options or SHIP_API_KEY, never from your dotfile.

API Key vs Token

For automated or shared workflows, consider Tokens instead. Tokens are scoped to deploys, support an optional TTL, and are revocable — safer for CI/CD pipelines and collaborators.

When both are present, the token takes precedence for that request.

Security

• Never commit your API key. Treat it like a password — anyone with the key has full account access (deployments, domains, billing settings, the lot).
• Don't paste it into shared chats, screenshots, or pull requests. It won't appear in API responses or logs once stored.
• Use Tokens for CI and collaborators. Single-use, scoped to deploys, easy to revoke.
• Regenerate on suspected leak. Regeneration replaces the key — the old one stops working immediately. In-flight requests using the old key fail.
• One key per account. Rotation is the recovery path; there is no "secondary key" mechanism.