fathom-fyi

rotate_api_key

Generate a new API key for Fathom financial intelligence, deactivate the old key, and return the new value for updating MCP configuration.

Instructions

Rotate your Fathom API key. Generates a new key, deactivates the old one, and returns the new key. The user must update their MCP config with the new key. Max 3 rotations per day. Requires Starter tier or above.

Input Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Implementation Reference

src/tools/rotate-api-key.ts:19-86 (handler)

The handler function for the rotate_api_key tool, which performs the actual API call to rotate the key.

export async function rotateApiKey(): Promise<RotateKeySuccess | RotateKeyError> {
  const currentKey = process.env.FATHOM_API_KEY;

  if (!currentKey) {
    return {
      error: true,
      error_source: 'rotate_api_key',
      message: 'No FATHOM_API_KEY found in environment.',
      agent_guidance: 'The user has no API key configured. They must set FATHOM_API_KEY in their .env file or MCP config first. Key rotation is only available to paid tiers (Starter+).',
    };
  }

  try {
    const res = await fetch('https://fathom.fyi/api/rotate-key', {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${currentKey}`,
        'Content-Type': 'application/json',
      },
      signal: AbortSignal.timeout(10000),
    });

    if (res.status === 401) {
      return {
        error: true,
        error_source: 'rotate_api_key',
        message: 'Current API key is invalid or inactive.',
        agent_guidance: 'The user\'s current API key was rejected. They may need to check their subscription status at https://fathom.fyi or contact support.',
      };
    }

    if (res.status === 429) {
      return {
        error: true,
        error_source: 'rotate_api_key',
        message: 'Rate limit exceeded. Maximum 3 key rotations per day.',
        agent_guidance: 'The user has already rotated their key 3 times today. This limit resets in 24 hours. Advise them to try again tomorrow.',
      };
    }

    if (!res.ok) {
      const body = await res.json().catch(() => ({})) as Record<string, unknown>;
      return {
        error: true,
        error_source: 'rotate_api_key',
        message: (body.error as string) ?? `API returned status ${res.status}`,
        agent_guidance: 'Key rotation failed. The user should try again later or check https://fathom.fyi/api/status for service health.',
      };
    }

    const data = await res.json() as { success: boolean; new_key: string; old_key_deactivated: boolean; message: string };

    return {
      success: true,
      new_key: data.new_key,
      old_key_deactivated: data.old_key_deactivated,
      message: data.message,
      agent_guidance: `Key rotated successfully. IMPORTANT: The user must update their MCP config (Claude Desktop, Cursor, etc.) with the new key: ${data.new_key} — the old key is now deactivated. The current session will continue working but the next restart will need the new key. Instruct the user to update their .env or MCP config file immediately.`,
    };
  } catch (err) {
    return {
      error: true,
      error_source: 'rotate_api_key',
      message: 'Failed to reach fathom.fyi API.',
      agent_guidance: 'Network error during key rotation. The user should check their internet connection and try again. Their current key is still active.',
    };
  }
}

src/tools/rotate-api-key.ts:4-17 (schema)

Type definitions for the tool's success and error responses.

interface RotateKeySuccess {
  success: true;
  new_key: string;
  old_key_deactivated: boolean;
  message: string;
  agent_guidance: string;
}

interface RotateKeyError {
  error: true;
  error_source: string;
  message: string;
  agent_guidance: string;
}

src/index.ts:572-583 (registration)

Registration of the rotate_api_key tool within the MCP server definition.

server.tool(
  'rotate_api_key',
  'Rotate your Fathom API key. Generates a new key, deactivates the old one, and returns the new key. The user must update their MCP config with the new key. Max 3 rotations per day. Requires Starter tier or above.',
  {},
  async () => {
    const gateError = gateTool('rotate_api_key');
    if (gateError) return { content: [{ type: 'text' as const, text: gateError }] };

    const text = await executeAndLog('rotate_api_key', {}, () => rotateApiKey());
    return { content: [{ type: 'text' as const, text }] };
  },
);

Tool Definition Quality

A4.7/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden. It excellently discloses destructive behavior ('deactivates the old one'), side effects (invalidates previous key), output ('returns the new key'), rate limits, and tier requirements. Comprehensive for a mutation operation.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Five sentences, zero waste. Front-loaded with the core action, followed by mechanics, user obligations, limits, and requirements. Every sentence provides essential information not available in structured fields.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Despite no output schema, the description explicitly states what gets returned ('returns the new key'). Covers prerequisites, side effects, and operational constraints, making it complete for a credential rotation tool with no parameters.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema has 0 parameters. Per rubric, 0 params = baseline 4. The description correctly focuses on operation mechanics rather than inventing unnecessary parameter documentation.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description uses the specific verb 'Rotate' with the resource 'Fathom API key' and clearly distinguishes from siblings (all data retrieval/analysis tools). It further clarifies the mechanics: 'Generates a new key, deactivates the old one, and returns the new key'.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Provides clear prerequisites ('Requires Starter tier or above'), rate limits ('Max 3 rotations per day'), and critical post-action requirements ('The user must update their MCP config with the new key'). Lacks explicit 'when-not-to-use' or named sibling alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/0xHashy/fathom-fyi'

If you have feedback or need assistance with the MCP directory API, please join our Discord server