Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ghostlyx.com/llms.txt

Use this file to discover all available pages before exploring further.

What API tokens are for

API tokens authenticate requests to the GhostlyX REST API and the MCP server. They are required if you want to query your analytics data programmatically or connect an AI assistant to GhostlyX.

Creating a token

  1. Go to Settings > API Tokens.
  2. Click Create token.
  3. Give the token a descriptive name (for example, “Claude Desktop” or “CI reporting script”).
  4. Click Create.
  5. Copy the token value immediately. It is shown only once.
The token value is displayed once at creation. If you lose it, you will need to revoke the token and create a new one.

Token scope

All tokens currently provide read-only access to analytics data for all sites on your account. Write access (for example, creating annotations) is also available through the MCP server using the same token. There is no per-site token scoping at this time.

Revoking a token

  1. Go to Settings > API Tokens.
  2. Click Revoke next to the token you want to remove.
  3. Confirm the action.
Revocation is immediate. Any system using the revoked token will receive authentication errors until it is updated with a valid token.

Security

  • Store tokens in environment variables or a secrets manager. Never hardcode them in source code.
  • Rotate tokens periodically, especially if a token may have been exposed.
  • Revoke tokens that are no longer in use.