Skip to main content

API Key Setup

1

Get API Key

Sign up or log in at app.greptile.com and copy your API key.
2

Test Connection

Verify the MCP server is reachable by testing with curl:
curl -X POST https://api.greptile.com/mcp \
  -H "Authorization: Bearer YOUR_GREPTILE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"ping"}'
You should receive: {"jsonrpc":"2.0","id":1,"result":{}}

MCP Client Configuration

Claude Desktop

Location: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) 
{
  "mcpServers": {
    "greptile": {
      "command": "node",
      "args": ["/path/to/greptile-mcp-server.js"],
      "env": {
        "GREPTILE_API_KEY": "your-api-key-here"
      }
    }
  }
}

Custom Applications

Direct HTTP Integration: 
const response = await fetch('https://api.greptile.com/mcp', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${API_KEY}`
  },
  body: JSON.stringify({
    jsonrpc: '2.0',
    id: Date.now(),
    method: 'tools/call',
    params: { name: 'list_custom_context', arguments: {} }
  })
});
Environment Variables: 
export GREPTILE_API_KEY="your-api-key-here"

Authentication Verification

1

Check MCP Connection

Run claude mcp list to confirm the server shows as connected:
greptile: https://api.greptile.com/mcp (HTTP) - ✓ Connected
2

Test Tools

Ask Claude to use Greptile tools:
  • “What custom context does my organization have?”
  • “List recent merge requests”
  • “Search for security-related comments”
3

Verify Data Access

Confirm the tools return your organization’s actual data, not errors.

Common Authentication Errors

Invalid API Key: 
{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32603,
    "message": "Authentication failed"
  }
}
Insufficient Permissions: 
{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32000,
    "message": "Repository does not belong to your organization"
  }
}

Security Best Practices

  • Store API keys in environment variables, not code
  • Use separate API keys for different environments
  • Rotate API keys regularly
  • Monitor API key usage in Greptile dashboard
  • Restrict API key permissions to minimum required scope