Skip to main content
Every request to the Open API — public data included — requires a personal API key (PAT). Keys are bound to a SeeSaw user account: public tools see the world, *_my_* tools see that account.

Using your key

Send it as a standard bearer token on both faces:
# REST
curl -H "Authorization: Bearer sspat_YOUR_KEY" \
  "https://api.seesaw.fun/open/v1/topics?limit=5"
# MCP
claude mcp add --transport http seesaw https://api.seesaw.fun/mcp \
  --header "Authorization: Bearer sspat_YOUR_KEY"
There is no OAuth flow and no token exchange: the key itself is the credential on every request.

Key facts

PropertyValue
Formatsspat_ prefix + 40 random characters
ShownOnce, at creation — only a hash is stored server-side
ExpiryNever (revocable anytime)
Scoperead (the only scope in this beta)
Per userUp to 5 active keys
RevocationTakes effect within ~60 seconds (validation cache window)

Getting and managing keys

During the beta, keys are issued by the SeeSaw team — contact us through your existing SeeSaw channel with the account to attach the key to. Self-service creation and revocation in the app is planned; this page will be updated when it ships. Key management lives on the app API (JWT-authenticated, /v1/users/me/api-keys) — it is deliberately not part of the Open API surface, so a leaked key cannot mint or revoke keys.

Security notes

  • Treat keys like passwords. A key can read your balance, positions, and P&L. Don’t paste it into shared prompts, logs, or screenshots.
  • Don’t commit keys to git. The sspat_ prefix is designed to be secret-scanner friendly; treat any committed key as leaked.
  • Leaked? Revoke it immediately and get a fresh one. Revocation propagates in about a minute.
  • Prefer one key per client/integration so you can revoke narrowly.

What’s next

OAuth 2.1 is planned for a later phase — it unlocks clients where you can’t set custom headers (claude.ai web connectors, ChatGPT connectors). API keys will keep working unchanged.