ContextQMD
Back to Composio

Projects

docs/content/docs/projects.mdx

0.11.13.4 KB
Original Source

Projects are Composio's multi-tenancy primitive. Every Composio account belongs to an organization. Inside an organization, projects are isolated environments that scope your API keys, connected accounts, auth configs, and webhook configurations. Resources in one project are not accessible from another.

mermaid
graph LR
    ORG["Organization (org_xxx)"] --- P1["Project: Production (proj_xxx)"]
    ORG --- P2["Project: Staging (proj_xxx)"]
    ORG --- TM["Team Members"]
    P1 --- A1["API Keys"]
    P1 --- A2["Connected Accounts"]
    P1 --- A3["Auth Configs"]
    P1 --- A4["Webhook Config"]
    P2 --- B1["..."]

Common reasons to use multiple projects:

  • Separate environments: keep production and staging isolated
  • Separate products: keep resources for different apps independent
  • Client isolation: give each client their own project with separate credentials and data

Managing projects

You can manage projects from the dashboard or via the API using an organization API key (x-org-api-key).

<Callout type="info"> Project management endpoints use the `x-org-api-key` header, not the regular `x-api-key`. You can find your org API key in the dashboard under **Settings > Organization**. </Callout>

Create a project

bash
curl -X POST https://backend.composio.dev/api/v3/org/owner/project/new \
  -H "x-org-api-key: YOUR_ORG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "my-staging-project",
    "should_create_api_key": true
  }'

The response includes the project ID and, if requested, an API key:

json
{
  "id": "proj_abc123xyz456",
  "name": "my-staging-project",
  "api_key": "ak_abc123xyz456"
}

List projects

bash
curl https://backend.composio.dev/api/v3/org/owner/project/list \
  -H "x-org-api-key: YOUR_ORG_API_KEY"

Supports pagination with limit and cursor query parameters.

Get project details

bash
curl https://backend.composio.dev/api/v3/org/owner/project/proj_abc123xyz456 \
  -H "x-org-api-key: YOUR_ORG_API_KEY"

Returns the full project object including its API keys.

Project settings

Each project has settings that control security, logging, and display behavior. These endpoints use your project API key (x-api-key), not the org key.

bash
curl -X PATCH https://backend.composio.dev/api/v3/org/project/config \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "mask_secret_keys_in_connected_account": false,
    "log_visibility_setting": "show_all"
  }'

Notable security setting:

  • require_mcp_api_key: when true, MCP server requests must include a valid x-api-key header. This defaults to true for organizations created on or after March 5, 2026.

You can also view and update these from Settings > Project Settings in the dashboard. See the Projects API reference for all available settings.

<Cards> <Card icon={<Key />} title="Authentication" href="/docs/authentication" description="Auth configs are scoped to projects — learn how Composio manages auth" /> <Card icon={<Database />} title="Users & Sessions" href="/docs/users-and-sessions" description="Connected accounts and sessions live within a project" /> <Card icon={<Zap />} title="Triggers" href="/docs/triggers" description="Webhook configurations are project-scoped" /> </Cards>