These docs cover the S6S workflow engine — the developer playground layer underneath the product. For the main AI Visibility product (brand monitoring, the unified Report, fix actions), start at /docs/ai-visibility.

API Keys

Authenticate with the S6S API using Bearer tokens.

What are API keys?

API keys are Bearer tokens that authenticate your requests to the S6S API. Every call to the /api/v1/* endpoints requires a valid API key. Keys are scoped to your account — any workflow you deploy or run with a key belongs to your account.

Creating an API key

  1. Sign in to s6s.ai.
  2. Navigate to API Keys in the sidebar.
  3. Click Create API Key and give it a descriptive name (e.g. “production” or “ci-pipeline”).
  4. Copy the key immediately. It starts with s6s_ and is only shown once.

Important

If you lose your key, you cannot retrieve it. Create a new one and delete the old key from the API Keys page.

Using your API key

Pass your API key as a Bearer token in the Authorization header. Here are examples for each integration method:

curl

curl https://s6s.ai/api/v1/workflows \
  -H "Authorization: Bearer s6s_your_api_key"

MCP server configuration

claude_desktop_config.json / .cursor/mcp.json
{
  "mcpServers": {
    "s6s": {
      "command": "npx",
      "args": ["@s6s/mcp-server"],
      "env": {
        "S6S_API_KEY": "s6s_your_api_key",
        "S6S_BASE_URL": "https://s6s.ai"
      }
    }
  }
}

TypeScript SDK

import { S6SClient } from "@s6s/sdk";

const client = new S6SClient({
  apiKey: process.env.S6S_API_KEY!,   // "s6s_your_api_key"
  baseUrl: "https://s6s.ai",          // optional, defaults to s6s.ai
});

const result = await client.deploy({
  name: "My Workflow",
  trigger: { type: "manual" },
  steps: [{ ref: "hello", action: "transform", config: { template: { msg: "hi" } } }],
  flow: ["hello"],
});

console.log(result.runId);

Environment variable

Shell
export S6S_API_KEY=s6s_your_api_key

Both the SDK and MCP server read from S6S_API_KEY by default when no key is passed explicitly.

Security best practices

  • Never commit keys to git. Add .env to your .gitignore and use environment variables in CI/CD.
  • Use environment variables. Store your key in S6S_API_KEY rather than hardcoding it in source files.
  • Rotate keys if compromised. If you suspect a key has been exposed, delete it immediately from the API Keys page and create a new one.
  • Each key is scoped to your account. Anyone with your key can deploy and run workflows as you. Treat it like a password.

Rate limits

The S6S API enforces rate limits to ensure fair usage and platform stability:

EndpointLimitWindow
POST /workflows/deploy30 requestsper minute, per IP
POST /api/webhooks/*60 requestsper minute, per IP, per path
All other endpoints120 requestsper minute, per IP

When you exceed a rate limit, the API returns a 429 Too Many Requests response with a Retry-After header indicating how many seconds to wait before retrying.

429 Response
HTTP/1.1 429 Too Many Requests
Retry-After: 12
Content-Type: application/json

{
  "error": "rate_limit_exceeded",
  "message": "Too many requests. Retry after 12 seconds."
}

Start building

Create your API key and deploy your first workflow.