API key security
Your Hevy API key is equivalent to a password for your Hevy account. Follow these practices:- Keep it out of source control. Never commit the key to a git repository, paste it in a public issue, or include it in screenshots or recordings.
- Never pass it in a URL. Query-string parameters and path segments appear in server logs, browser history, and referrer headers.
- Local clients: provide the key through the child process environment only (the
envblock in your MCP client config), never as a command-line argument. - Hosted clients: send the key exclusively in the
Authorization: Bearerheader on each request. The Worker validates the key with Hevy, does not store it, and forwards it upstream only as Hevy’s requiredapi-keyheader — it never appears in the Worker’s own logs or storage.
CORS configuration (self-hosted Worker)
When you self-host the Cloudflare Worker, browser-based MCP clients must match an explicitly allowed origin before cross-origin requests are accepted.-
Set the
MCP_ALLOWED_ORIGINSenvironment variable to a comma-separated list of exact origins that should be permitted — for example: - Wildcards are intentionally unsupported. Every allowed origin must be listed explicitly.
-
Requests that arrive without an
Originheader — such as those from desktop MCP clients,curl, or server-side code — are always accepted regardless of theMCP_ALLOWED_ORIGINSvalue.
Mutation safety
Hevy MCP tools fall into two categories: Read tools — safe for exploration. They only retrieve data from Hevy and make no changes to your account. You can call them freely without risk of data modification. Write tools — annotated with MCP mutation annotations. MCP clients that support these annotations (such as Codex and compatible IDE extensions) will display a confirmation prompt before executing the tool. Always review the proposed inputs before approving. Important behaviors to be aware of:- Create operations can produce duplicates when retried. If a
create-workout,create-routine, orcreate-body-measurementcall fails mid-flight and you retry it, a duplicate record may be created in Hevy. Check your Hevy account before retrying a failed create. - Update operations fully replace existing records. Calling
update-workoutorupdate-routinereplaces the entire record with the new payload — any fields you omit are not preserved from the original.
OAuth token security
The hosted Worker optionally supports an OAuth 2.1 authorization layer for clients that cannot send a fixedAuthorization header (such as Claude.ai custom connectors). When OAuth is enabled:
- OAuth grants are tied to the Hevy API key used during authorization. The key is validated with Hevy at authorization time and stored encrypted inside the OAuth grant.
- Rotating your Hevy API key automatically invalidates all OAuth grants created with it. After you generate a new API key in the Hevy app, any client that authenticated via OAuth must re-authorize using the new key.
- Direct
Authorization: Bearer <hevy-api-key>requests continue to work unchanged alongside OAuth — the OAuth layer is purely additive.
Hosted Endpoint
Learn how the hosted Cloudflare Worker handles key validation and routing.
Configuration
Full reference for all environment variables including CORS and timeout settings.