UnaFonte
Back to homeGet Started
API Keys & MCPMenu

API Keys & MCP

MCP (Model Context Protocol) lets AI assistants like Claude Desktop read and write to your UnaFonte account directly. You say "I just launched a giveaway on X, ends Friday" and the AI proposes a ledger entry for you to approve. No copy-pasting, no context switching.

Two Access Levels

  • Public (Read) — Anyone's AI can verify your identity and read your ledger. No API key needed.
  • Authenticated (Write) — Your AI can propose ledger entries on your behalf. Requires an API key.

Generating an API Key

  1. Go to Dashboard → API Keys
  2. Click Generate API Key
  3. Give it a descriptive name ("Claude Desktop", "My GPT", "LangChain Agent", etc.)
  4. Optionally set an expiry date (recommended for agent keys)
  5. Copy the key immediately — it's shown only once

Never share your API key

Your API key authorizes writes to your UnaFonte account. Treat it like a password. Never commit it to git, never share it in Slack, and rotate it immediately if you think it leaked.

Connecting Claude Desktop

  1. Open your Claude Desktop config at ~/.claude/claude_desktop_config.json
  2. Add the UnaFonte MCP server:
json
{
  "mcpServers": {
    "unafonte": {
      "command": "npx",
      "args": ["@unafonte/mcp-server@latest"],
      "env": {
        "UNAFONTE_API_KEY": "uf_abc123..."
      }
    }
  }
}
  1. Save the file and fully restart Claude Desktop
  2. Claude will now have access to UnaFonte tools — try saying "I just launched a giveaway, can you add it to my ledger?"

Available MCP Tools

Once connected, your AI has access to these tools:

  • unafonte_verify — Answer verification questions (public)
  • unafonte_get_identity — Get identity info for any user (public)
  • unafonte_get_ledger — Get active ledger and NOT ME rules (public)
  • unafonte_propose_entry — Propose a ledger entry for approval (authenticated)
  • unafonte_verify_agent — Verify an agent credential (public)
  • unafonte_register_agent — Register a new AI agent (authenticated)
  • unafonte_list_agents — List your registered agents (authenticated)
  • unafonte_revoke_agent — Revoke an agent credential (authenticated)

The Propose Entry Flow

When your AI proposes a ledger entry via unafonte_propose_entry, it's created in the PENDING state. You'll get an email notification with a one-click approve/reject link. Approved entries go live immediately; rejected entries are deleted.

Human in the loop by design

AI-proposed entries always require your approval before going public. This is a deliberate design choice — your ledger is the source of truth, and only you should publish to it. The AI's job is to save you typing, not to act autonomously.

Revoking API Keys

Revoke keys from Dashboard → API Keys any time. Revocation is instant — the next API call using that key will fail with a 401. Revoked keys are kept in the database for audit trail purposes but can no longer authenticate.

Security Details

  • Keys are hashed with SHA-256 before storage — the raw key is never saved
  • Key verification uses timing-safe comparison to prevent timing attacks
  • Every API call logs the key's last-used timestamp so you can spot unusual activity
  • Rate limiting is enforced per-key (10 writes/min, 30 reads/min)

Direct API Access

You can also call UnaFonte's API directly without MCP. Include the key as a bearer token:

bash
curl https://unafonte.com/api/ledger/propose \
  -H "Authorization: Bearer uf_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "type": "GIVEAWAY",
    "title": "iPhone 15 Giveaway",
    "channels": ["X", "YouTube"],
    "expiresAt": "2026-04-15T23:59:59Z"
  }'