Updates

Stay up to date with all of the latest feature releases, bug fixes and improvements we've made to Fernand. Want to be notified? Follow us on 𝕏.com.

← Back to all updates
  • Scoped API keys
    Scoped API keys in Fernand

    Until now, a Fernand API key was all-or-nothing: whoever held it could do everything your account could. That's fine for a trusted backend script, but it's the wrong shape for the world we're now living in, one where you hand credentials to coding agents and AI assistants that act on your behalf.

    So we rebuilt API keys around permissions. Every key you create now carries its own set of scopes, so you decide exactly what it can and can't do.

    • Read-only keys so an agent can pull conversations, articles, and analytics without ever writing a thing
    • Single-purpose keys that grant only the actions a job needs, like responding to conversations or updating knowledge base content, and nothing else
    • Resource-scoped keys that limit a key to one or multiple specific permissions so its reach stops where you want it to

    This is exactly what you want when working with Claude Code, Codex, Cursor, Cowork, and other AI agents. Spin up a read-only key to let an agent explore your data safely, or a tightly-scoped key so it can automate one workflow without touching anything else. If a key ever leaks, the blast radius is whatever you scoped it to, and you can revoke it in one click.

    Dial each key to what it needs. Create your first scoped key from Settings, Integrations, API keys.