> ## Documentation Index
> Fetch the complete documentation index at: https://veryfront.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage project access

> Manage project members, API keys, and OAuth access.

Manage access before users, services, or integrations run project work.

## Steps

1. Create API keys for trusted services.
2. Invite users who need project access.
3. Connect OAuth providers for user-authorized integrations.
4. Review access before running work in a project.

## Try it with REST

List active API keys:

`GET /api-keys?status=active`

```bash title="Terminal" theme={null}
curl "https://api.veryfront.com/api-keys?status=active" \
  -H "Authorization: Bearer $VERYFRONT_API_KEY"
```

Create a server-side key:

`POST /api-keys`

```bash title="Terminal" theme={null}
curl -X POST https://api.veryfront.com/api-keys \
  -H "Authorization: Bearer $VERYFRONT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "CI key"
  }'
```

## API surfaces

| Surface | Start here                                                                                                                                                         |
| ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| REST    | [API Keys](/cloud/rest/api-reference/api-keys/create-api-key), [OAuth](/cloud/rest/api-reference/oauth/create-oauth-connect-session), [REST overview](/cloud/rest) |
| GraphQL | [API Keys](/cloud/graphql/operations/api-keys/queries/apikeys), [Create API Key](/cloud/graphql/operations/api-keys/mutations/createapikey)                        |
| MCP     | [List API Keys](/cloud/mcp/tools/list-api-keys), [Create API Key](/cloud/mcp/tools/create-api-key)                                                                 |

## Verify

Confirm the current user has access to the target project.

Rotate or delete keys that no trusted client uses.

## Access surfaces

| Surface           | Use it for                                        |
| ----------------- | ------------------------------------------------- |
| API keys          | Trusted server-side clients and MCP clients.      |
| Project members   | Human access to project resources.                |
| OAuth connections | User or workspace authorization for integrations. |

## API reference

| API                       | Use                                                   |
| ------------------------- | ----------------------------------------------------- |
| [REST](/cloud/rest)       | API keys, OAuth, users, project users, and favorites. |
| [GraphQL](/cloud/graphql) | User and member views.                                |
| [MCP](/cloud/mcp)         | User, member, API key, and favorite tools.            |