Authorization

Getting StartedUpdated February 18, 2025

Authorization

All API requests must include your API key.

How to send the API key

Use one of these:

  1. Bearer token (recommended)
    Header:
    Authorization: Bearer <your_api_key>

  2. X-API-Key header
    Header:
    X-API-Key: <your_api_key>

Example:

curl -X GET "https://app.machfive.io/api/v1/campaigns" \
  -H "Authorization: Bearer mf_live_YOUR_API_KEY_HERE"

Invalid or missing key

  • Missing key: Response 401 with error: "UNAUTHORIZED", message: "Missing API key. Use Authorization: Bearer <key> or X-API-Key."
  • Invalid key: Response 401 with error: "UNAUTHORIZED", message: "Invalid API key."

Security

  • Do not commit API keys to source control or expose them in client-side code.
  • Prefer environment variables or a secrets manager.
  • You can create multiple keys (e.g. per environment or integration) and revoke them from the app.