Skip to main content

Management API

The Runlayer platform provides a RESTful API for programmatic management of your organization’s MCP infrastructure. Key Capabilities:
  • Server Management: Create, update, and delete MCP servers
  • User Operations: Read user information and permissions
  • Audit Logs: Query activity history and security events
  • Analytics: Access usage metrics and insights
For full interactive API documentation with request/response schemas and a built-in API explorer, visit /docs on your hosted Runlayer instance.

Authentication

All requests use a bearer token in the Authorization header. The base URL is your Runlayer instance with the /api/v1 prefix. 
export RUNLAYER_API_KEY="rl_..."
export RUNLAYER_BASE_URL="https://<your-tenant>.runlayer.com"

# List the servers you can access
curl "$RUNLAYER_BASE_URL/api/v1/servers" \
  -H "Authorization: Bearer $RUNLAYER_API_KEY"
Responses are JSON. Standard HTTP status codes apply — 401 for a missing or invalid key, 403 when the key’s role lacks access to the endpoint.

API Keys

Create API keys in Settings → Personal API keys or Settings → Organization API keys.
  • Personal API keys authenticate as the user who created them and work for user-scoped management API calls.
  • Organization API keys authenticate as the workspace and are scoped by role. Use them for workload-specific automation that should not depend on a user’s session.
Organization API key roles include:
RoleUse case
DeployCI/CD workflows that initialize, validate, deploy, pull, and destroy Runlayer Deploy deployments
Detect ScanShadow AI detection scan submissions
Security ScanSecurity scanner API submissions
For deploy pipelines, see CI/CD with organization API keys.

Analytics

View usage metrics

Audit Logs

Activity history