remix-api-auth
Remix Authentication Setup
Use this skill when a user needs to authenticate a terminal, MCP client, or external service against Remix.
Auth Modes
- REST or custom services: send
Authorization: Bearer <api_key>tohttps://api.remix.gg. - CLI: run
remix login, then verify withremix whoami. - MCP: prefer
REMIX_API_KEY; if unset, the server can reuse CLI credentials from~/.config/remix/credentials.json.
Preferred Terminal Flow
curl -fsSL https://remix.gg/install.sh | bash
remix login
remix whoami
The CLI stores credentials in ~/.config/remix/credentials.json.
API Key Flow
- Log in to your Remix account.
- Go to
https://remix.gg/api-keys. - Create a new API key.
- Store it as a server-side secret or export
REMIX_API_KEY. - Use base URL
https://api.remix.gg.
Verification
Use one of these checks first:
remix whoamiremix config whereGET /healthGET /v1/gamesif the user explicitly wants an authenticated data call
Troubleshooting Invalid API Key
- Check whether
REMIX_API_KEYis overriding stored CLI credentials. - Check
Authorizationis formatted asBearer <api_key>. - Re-copy the key from
https://remix.gg/api-keysand rotate if needed. - Verify your service is reading the expected secret/env var in the current runtime.
- Confirm the request is server-side and not exposed through browser code.
- Run
remix whoami --jsonto inspect the resolved auth/config context. - If behavior seems inconsistent with local docs, use
https://api.remix.gg/docsas source of truth.
Current Auth Model
Server API base URL: https://api.remix.gg
Remix server API uses bearer API keys generated from Remix account settings.
Supported auth header:
Authorization: Bearer <api_key>for direct HTTP usage
Runtime precedence in the CLI is:
- explicit command flags
- environment variables
- stored config and credentials
- defaults
The backend resolves the key to a user and enforces ownership checks on game/version mutations.
How to Get an API Key
- Log in to your Remix account.
- Go to
https://remix.gg/api-keys. - Generate a new API key.
- Copy it once and store it in your server-side secret manager.
Required Headers
Authorization: Bearer <api_key>
Content-Type: application/json
Security Notes
- Never expose API keys in client-side browser code.
- Store in server env vars or secret manager.
- Revoke and rotate keys from
https://remix.gg/api-keys. - Usage updates
lastUsedautomatically.
API Authentication Rules
- Use API keys created from
https://remix.gg/api-keys. - Use
Authorization: Bearer <api_key>. - Send requests to
https://api.remix.gg. - Do not place keys in browser-side code.
- Rotate keys immediately if leaked.
- Account must not be banned or deleted.
More from farworld-labs/remix-skills
phaser-2d-arcade
Build mobile-first 2D browser games with Phaser 3 Arcade Physics
38remix-agent-publish
Build and publish Remix games with the current Remix toolchain. Use when work touches the official Remix CLI, MCP server, REST publishing APIs, or the @remix-gg/sdk game runtime.
38threejs-lite
Build lightweight mobile-friendly 3D browser games with Three.js
35remix-add-sprite
Generate and add sprites to a Remix game
32remix-game-sdk
Reference for the current @remix-gg/sdk runtime. Use when generating or repairing Remix game code, shop item integrations, save-state flows, multiplayer hooks, or host-safe mobile UI behavior.
32remix-game-creation
Create a new game draft via the Remix API
32