Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.manticscore.com/llms.txt

Use this file to discover all available pages before exploring further.

ManticScore lets you store API keys for third-party services so that Forge, the AI agent, and automation features can use them on your behalf. Keys are encrypted at rest and are never returned in plaintext — only a masked preview is shown after saving.

Supported secrets

KeyWhat it enables
github_patGitHub Personal Access Token — required for Forge to create branches and pull requests
anthropic_api_keyAnthropic API key — allows the agent to use your own API quota
openai_api_keyOpenAI API key — allows the agent to use your own API quota

Save or update secrets

Send a PUT request with the keys you want to set. You can set multiple keys in one call. Pass null to clear a key. Any key you omit is left unchanged. 
PUT /secrets
Authorization: Bearer <token>
Content-Type: application/json

{
  "github_pat": "ghp_your_token_here",
  "anthropic_api_key": "sk-ant-your_key_here",
  "openai_api_key": null
}
Response: 
{
  "github_pat": "ghp_...****",
  "anthropic_api_key": "sk-ant-...****",
  "openai_api_key": null,
  "has_github_pat": true,
  "has_anthropic_key": true,
  "has_openai_key": false
}
The response shows masked values (only the first few characters) and boolean flags for each key. Use the has_* flags in your UI — they reliably indicate whether a key is stored without leaking any part of the actual value.
Keys are never returned in full after saving. If you need to rotate a key, simply call PUT /secrets with the new value.

Read current status

GET /secrets
Authorization: Bearer <token>
The response has the same shape as the PUT response — masked values and has_* boolean flags.

Clearing a key

To remove a stored key, pass null for that key: 
PUT /secrets
Authorization: Bearer <token>
Content-Type: application/json

{"github_pat": null}
Omit the other keys to leave them unchanged.

Bootstrap includes secrets status

When you call GET /auth/bootstrap on app launch, the response includes your secrets status so you don’t need a separate round trip: 
{
  "secrets": {
    "github_pat": "ghp_...****",
    "anthropic_api_key": null,
    "openai_api_key": null,
    "has_github_pat": true,
    "has_anthropic_key": false,
    "has_openai_key": false
  }
}
Use the bootstrap call on app launch to check which keys are stored before prompting the user to connect integrations.