McCoy IQMcCoy IQ HelpSign in

API Keys

API keys let you access your McCoy IQ account programmatically — through the MCP server, custom integrations, or scripts.

Creating an API key

  1. 1

    Go to Developer in the sidebar (at the bottom).

  2. 2

    Click Create API Key.

  3. 3

    Give it a label (e.g., "Claude Code", "CI Pipeline"). Labels help you identify which key is used where.

  4. 4

    Copy the key immediately — it starts with miq_live_ and is only shown once. Store it somewhere secure (password manager, environment variable, etc.).

Developer page with API keys

Using your API key

Include your API key in the X-API-Key header on all requests to api.mccoyapp.com:

curl https://api.mccoyapp.com/iq/organizations \
  -H "X-API-Key: miq_live_your_key_here" \
  -H "X-Client-Platform: web" \
  -H "X-Client-Version: 1.0.0"

API keys don't expire. They have the same access level as your logged-in account — they can create roles, publish challenges, and read responses.

Common use cases

MCP Server (Claude Code)

The McCoy IQ MCP server uses your API key to manage roles, challenges, and responses from Claude Code. Set the key as the MIQ_API_KEY environment variable.

Custom integrations

Build custom workflows — for example, automatically create a role and challenge whenever a new job is posted in your ATS, or pull responses into your internal review tool.

Automation scripts

Bulk operations like creating roles from a spreadsheet, generating challenges for multiple positions, or exporting response data.

Managing keys

  • View all keys — the Developer page shows all your active keys with their labels and creation dates.
  • Revoke a key — click the delete button next to any key to revoke it immediately. Revoked keys stop working instantly.
  • Multiple keys — create separate keys for different tools or environments (e.g., one for Claude Code, one for your CI pipeline). This way you can revoke one without affecting others.

Security best practices

  • Never commit keys to source control. Use environment variables or a secrets manager instead.
  • Use one key per tool. If a key is compromised, you only need to rotate that one key.
  • Revoke unused keys. If you stop using a tool or integration, revoke its key.
  • Rotate keys periodically. Create a new key, update your tools, then revoke the old one.
  • Monitor usage. If you see unexpected activity, revoke all keys and create new ones.