Connection URLs & API Keys

Learn how ToolBoost connection URLs work and how to manage your API keys securely.

Understanding Connection URLs

Every deployed MCP on ToolBoost has a unique connection URL that your AI clients use to connect to it.

URL Structure

A ToolBoost connection URL looks like this:

https://toolboost.dev/server/{author}/{mcp-slug}/mcp?api_key={YOUR_API_KEY}

Components:

• toolboost.dev - ToolBoost's domain
• /server - Endpoint for MCP servers
• {author} - The MCP author's username (URL-safe)
• {mcp-slug} - The MCP's unique identifier
• /mcp - MCP protocol endpoint
• ?api_key= - Your project's API key for authentication

Example URLs

GitHub MCP:

https://toolboost.dev/server/github/github-mcp-server/mcp?api_key=tb_abc123

Filesystem MCP:

https://toolboost.dev/server/modelcontextprotocol/servers-filesystem/mcp?api_key=tb_abc123

Supabase MCP:

https://toolboost.dev/server/supabase/mcp-server-supabase/mcp?api_key=tb_abc123

Finding Your Connection URL

Method 1: From MCP Detail Page

1. Go to the MCP's page (e.g., toolboost.dev/catalog/author/mcp-name)
2. Ensure the MCP is deployed to your project
3. Scroll to the "Use" section in the right sidebar
4. Find "Connection URL"
5. Click the "Copy URL" button

Method 2: From Dashboard

1. Go to your Project Dashboard
2. Select your project
3. Find the deployed MCP in the list
4. Click "View Details" or the settings icon
5. Copy the connection URL

Method 3: From Toolspector

1. Navigate to the MCP detail page
2. Click the "Toolspector" tab
3. The connection URL is shown at the top
4. Click to copy

API Keys

What are API Keys?

API keys authenticate your requests to ToolBoost. Each project has its own unique API key that grants access to all MCPs deployed in that project.

API Key Format

ToolBoost API keys follow this format:

tb_[random_characters]

Example:

tb_1a2b3c4d5e6f7g8h9i0j

Keep API Keys Secret

Never share your API keys publicly, commit them to version control, or expose them in client-side code.

Finding Your API Key

From Project Dashboard

1. Go to Dashboard → Projects
2. Select your project
3. Your API key is displayed (partially masked for security)
4. Click "Reveal" to see the full key
5. Click "Copy" to copy it

info

For security, the full API key is only shown once when you create the project. After that, it's partially masked.

From Connection URL

Your API key is embedded in any connection URL:

https://toolboost.dev/server/.../mcp?api_key=tb_your_key_here
                                              ^^^^^^^^^^^^^^^^

Multiple API Keys

You can have multiple API keys by creating multiple projects:

Work Project:

• API Key: tb_work_abc123
• MCPs: GitHub (work), Postgres (work DB)

Personal Project:

• API Key: tb_personal_xyz789
• MCPs: GitHub (personal), Filesystem

This separation allows you to:

• Track usage separately
• Apply different rate limits
• Manage team access differently
• Revoke access independently

Security Best Practices

1. Never Commit API Keys

❌ Don't do this:

// config.json
{
  "mcpServers": {
    "github": {
      "serverUrl": "https://toolboost.dev/server/github/github-mcp-server/mcp?api_key=tb_abc123"
    }
  }
}

Then committing config.json to Git.

✅ Do this instead:

Use environment variables:

.env (add to .gitignore):

TOOLBOOST_API_KEY=tb_abc123

config.json:

{
  "mcpServers": {
    "github": {
      "serverUrl": "https://toolboost.dev/server/github/github-mcp-server/mcp?api_key=${TOOLBOOST_API_KEY}"
    }
  }
}

.gitignore:

.env

2. Use Separate Keys for Different Environments

Create different projects for different environments:

• Development: tb_dev_key123
• Staging: tb_staging_key456
• Production: tb_prod_key789

This prevents accidental production data access during development.

3. Rotate Keys Regularly

Regenerate API keys periodically:

1. Go to Project Settings
2. Click "Regenerate API Key"
3. Update all your configurations with the new key

4. Restrict Access

Use ToolBoost's team features (Pro plan) to:

• Limit who can view API keys
• Set role-based permissions
• Audit API key usage

Regenerating API Keys

If your API key is compromised:

Step 1: Regenerate

1. Go to Project Dashboard
2. Select your project
3. Click "Settings" → "API Keys"
4. Click "Regenerate API Key"
5. Confirm the action
6. Copy the new API key

warning

The old API key will stop working immediately!

Step 2: Update Configurations

Update the API key in all your client configurations:

Claude Desktop:

{
  "mcpServers": {
    "github": {
      "serverUrl": "https://toolboost.dev/server/github/github-mcp-server/mcp?api_key=NEW_KEY"
    }
  }
}

Cursor:

{
  "mcpServers": {
    "github": {
      "serverUrl": "https://toolboost.dev/server/github/github-mcp-server/mcp?api_key=NEW_KEY",
      "headers": {
        "Authorization": "Bearer NEW_KEY"
      }
    }
  }
}

Step 3: Test

Verify the new key works by testing an MCP tool in your AI client.

Connection URL Best Practices

1. Copy, Don't Type

Always copy connection URLs from ToolBoost rather than typing them manually. This prevents typos in:

• Author names
• MCP slugs
• API keys

2. Use the Pre-Built Configs

ToolBoost provides ready-to-use configurations for each client:

1. Go to MCP detail page
2. Scroll to "Use" section
3. Expand your client's section (Claude Desktop, Cursor, etc.)
4. Click "Copy Config"
5. Paste directly into your config file

3. Keep URLs Up-to-Date

MCP authors may update their MCPs. When this happens:

• The connection URL usually stays the same
• ToolBoost handles the update automatically
• Check the MCP's changelog for breaking changes

4. Document Your URLs

Maintain a document of which MCPs are used where:

# Our MCP Configuration

## Production
- GitHub MCP: `https://toolboost.dev/server/github/github-mcp-server/mcp?api_key=tb_prod`
- Postgres MCP: `https://toolboost.dev/server/modelcontextprotocol/servers-postgres/mcp?api_key=tb_prod`

## Development
- GitHub MCP: `https://toolboost.dev/server/github/github-mcp-server/mcp?api_key=tb_dev`
- Postgres MCP (Test DB): `https://toolboost.dev/server/modelcontextprotocol/servers-postgres/mcp?api_key=tb_dev`

Troubleshooting

Invalid API Key

Error: 401 Unauthorized or Invalid API key

Solutions:

• Verify you copied the entire API key
• Check for extra spaces or characters
• Ensure the key hasn't been regenerated
• Try regenerating the key

MCP Not Found

Error: 404 Not Found

Solutions:

• Verify the MCP is deployed in your project
• Check the author and MCP slug are correct
• Ensure the MCP hasn't been removed from the catalog
• Try redeploying the MCP

Rate Limit Exceeded

Error: 429 Too Many Requests

Solutions:

• Check your plan's rate limits in the dashboard
• Upgrade to a higher plan
• Optimize your MCP usage
• Contact support for temporary limit increase

Connection Timeout

Error: Connection timeout or Request timeout

Solutions:

• Check your internet connection
• Verify ToolBoost's status at status.toolboost.dev
• Try again in a few moments
• Check if the MCP server is having issues

Advanced: Custom Domains

Enterprise customers can use custom domains for connection URLs:

https://mcp.your-company.com/server/author/mcp-name/mcp?api_key=YOUR_KEY

Contact sales@toolboost.dev for custom domain setup.

Next Steps

• Deploy MCPs
• Configure Claude Desktop
• Manage Environment Variables
• Monitor Usage

Need Help?

• Email: contact@toolboost.dev
• API Issues: status.toolboost.dev
• Security Concerns: security@toolboost.dev