Skip to main content
ECN has two authenticated surfaces, each with its own credential type.
SurfaceCredentialHeader
REST APIDRF auth token (Token …)Authorization: Token <token>
MCP serverMCP API key (ecn_mcp_…)Authorization: Bearer ecn_mcp_<key>

REST API tokens

Authenticate as a user and receive a token: 
curl -X POST https://earthcare.network/api/v1/auth/login/ \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "••••••••"}'
# → { "token": "9a8b7c…" }
Send the token on every request: 
curl https://earthcare.network/api/v1/auth/me/ \
  -H "Authorization: Token 9a8b7c…"
A token is scoped to your user. Workspace data is additionally scoped to the Organization you are a member of. Some endpoints (e.g. /credits/wallet/, /mcp/keys/) take an explicit organization_id — find yours in the organizations array returned by GET /auth/me/: 
curl https://earthcare.network/api/v1/auth/me/ \
  -H "Authorization: Token 9a8b7c…"
# → { "organizations": [ { "id": "c623…", "role": "owner", ... } ] }

MCP API keys

MCP clients use a separate key prefixed ecn_mcp_. The key is scoped to one organization and is shown only once at creation.
1

From the workspace

Sign in as an org owner → Settings → Connect external AI tools → Create key. Copy the secret immediately.
2

Or via the API

curl -X POST https://earthcare.network/api/v1/mcp/keys/ \
  -H "Authorization: Token <your_ecn_token>" \
  -H "Content-Type: application/json" \
  -d '{"organization_id": "<org_uuid>", "name": "claude-code"}'
The MCP server accepts the key as Authorization: Bearer ecn_mcp_…, X-MCP-API-Key, or X-Api-Key. Revoke a key with DELETE /api/v1/mcp/keys/<key_id>/?organization_id=<org_uuid> (the organization_id is required).
Today MCP uses static, org-scoped keys. The one-click Claude connector and ChatGPT app experiences require OAuth — that work is on the roadmap. See Official connectors.