Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.toebox.ai/docs/llms.txt

Use this file to discover all available pages before exploring further.

All ToeBox API endpoints require authentication. ToeBox uses API keys for authentication.

Getting your API key

1

Open Settings

Navigate to Settings in the ToeBox sidebar.
2

Find your API key

Under the API Keys section, you will see your ToeBox API key. Click Reveal to show the full key, or Copy to copy it to your clipboard.Your API key starts with the prefix tb_ followed by a unique identifier.

Using your API key

Include your API key in the Authorization header of every request: 
Authorization: Bearer tb_your-api-key

Example request

curl -X GET https://your-store.toebox.ai/api/agents \
  -H "Authorization: Bearer tb_your-api-key" \
  -H "Content-Type: application/json"

MCP endpoint authentication

The MCP endpoint uses the same API key but passes it as a query parameter: 
https://app.toebox.ai/mcp?api_key=tb_your-api-key
This format is required for compatibility with MCP clients (Claude Desktop, Cursor, etc.) that do not support custom headers.

MCP configuration example

{
  "mcpServers": {
    "toebox": {
      "url": "https://app.toebox.ai/mcp?api_key=tb_your-api-key"
    }
  }
}

Security best practices

Treat your API key like a password. Anyone with your API key can access your ToeBox agents and data.
  • Do not commit keys to version control — Use environment variables instead
  • Do not expose keys in client-side code — API calls should be made from your server
  • Rotate keys if compromised — Contact support@toebox.ai to regenerate your API key
  • Use HTTPS — All ToeBox API endpoints require HTTPS. HTTP requests are rejected.

Key format

ComponentFormat
Prefixtb_
Key body32-character alphanumeric string
Full exampletb_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6