Holdify Holdify
Back to blog
Guide

How to Manage API Keys in Cursor with Holdify MCP

Centralized key management for your local AI setup. Create, verify, and rotate API keys without leaving your editor.

Jan 11, 2026 6 min read

If you're using Cursor for AI-assisted development, you know how often you need to manage API keys. Create a key for a new service, rotate a compromised key, check usage limits. Each task pulls you out of your flow.

With Holdify MCP, you can manage all your API keys directly from Cursor. No more context-switching to dashboards or CLI tools.

What You'll Learn

  • How to configure the Holdify MCP server in Cursor
  • Creating and verifying API keys through natural language
  • Managing key rotation and revocation
  • Checking usage and quota status

Prerequisites

Before you start, make sure you have:

  • Cursor installed on your machine
  • A Holdify account (free tier works fine)
  • A root API key from your Holdify dashboard

Step 1: Get Your Root Key

1. Open Dashboard

Go to app.holdify.io and sign in.

2. Create Root Key

Navigate to Settings → API Keys → Create Root Key.

Your root key has full access to manage other keys. Keep it secure and never commit it to version control.

Step 2: Configure MCP in Cursor

Open your Cursor MCP configuration file. On macOS/Linux, this is typically at ~/.cursor/mcp.json.

# ~/.cursor/mcp.json

{
  "mcpServers": {
    "holdify": {
      "command": "npx",
      "args": ["@holdify/mcp-server"],
      "env": {
        "HOLDIFY_API_KEY": "hld_root_xxxxxxxxxxxxx"
      }
    }
  }
}

Replace hld_root_xxxxxxxxxxxxx with your actual root key.

Step 3: Restart Cursor

After saving the configuration, restart Cursor to load the MCP server. You should see "holdify" in your available MCP tools.

Step 4: Create Your First Key

Now the fun part. Just ask Cursor to create an API key:

"Create an API key for the payments service with read-only access"

"Generate a new key for my mobile app with 1000 requests per day"

"Make a test key that expires in 24 hours"

Cursor will use the Holdify MCP to create the key and return it to you. The key is automatically stored in your Holdify dashboard.

Step 5: Verify and Manage Keys

You can also verify keys, check usage, and manage existing keys:

"How many requests has the mobile-app key made this month?"

"Rotate all keys that haven't been used in 30 days"

"Revoke the compromised key and create a replacement"

"Show me which keys are close to their rate limit"

Budget Alerts & Wallets Beta

We're currently testing dollar-based budgets and wallet management features with selected users. These features let you:

Revenue Protection (Beta)

Set dollar-based spending limits per key. Get alerts when budgets are running low, and automatically block requests when limits are reached.

Interested in early access? Contact us to join the beta program.

Troubleshooting

Common Issues

  • MCP server not loading:

    Make sure you've restarted Cursor after adding the configuration. Check that npx is in your PATH.

  • Authentication errors:

    Verify your root key is correct and hasn't been revoked. Root keys start with hld_root_.

  • Permission denied:

    Ensure your root key has the necessary permissions. By default, root keys have full access.

Next Steps

Now that you have Holdify MCP set up in Cursor, you can:

Get Started Free Full MCP Docs

Happy coding,
The Holdify Team

Ready to get started?

Start protecting your API with Holdify today. Free tier available.

Get Started Free Read more articles