Skip to content
mtion
Get the keys

// docs · authentication

API keys.

Every endpoint expects an Authorization: Bearer mtn_live_... header. Keys are issued from your account page (Pro tier only).

Key format

Production keys start with mtn_live_. They're 36 characters total (prefix + 24 random chars from a base62 alphabet).

Limits

  • Max 5 active keys per account.
  • 10,000 calls/day across all your keys (resets at 00:00 UTC). See Rate limits.
  • Revoking is instant. Anything using the revoked key gets 401 Unauthorized on the next call.

Storage

We store only a one-way SHA-256 hash of your key, plus a 12-character prefix for display. If you lose the plaintext, revoke and re-create — there's no recovery path by design.

Bad request examples

401  { "error": "Missing Authorization: Bearer <key>" }
401  { "error": "Invalid API key format" }
401  { "error": "Unknown API key" }
401  { "error": "API key revoked" }
403  { "error": "Pro tier required" }
429  { "error": "Rate limit exceeded", "resetAt": 1780000000 }