Skip to main content
Membership.io has three credential types.

Platform JWT

Use a platform JWT when a creator-side user is signed in. This is the right credential for dashboards and admin tools. 
curl -X POST "$MIO_BASE_URL/api/v1/auth/login" \
  -H "Content-Type: application/vnd.api+json" \
  -d '{"email":"admin@example.com","password":"password"}'
Send the returned access token on admin requests: 
Authorization: Bearer <platform-access-token>

Contact JWT

Use a contact JWT when a member is signed in to a hub. Contacts can authenticate with password or magic link depending on the hub flow. Contact-auth request bodies use JSON:API envelopes: 
curl -X POST "$MIO_BASE_URL/api/v1/contact-auth/login" \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
    "data": {
      "type": "login_requests",
      "attributes": {
        "email": "member@example.com",
        "password": "password",
        "slug": "my-hub"
      }
    }
  }'
Send the returned contact access token on member-facing routes: 
Authorization: Bearer <contact-access-token>

Team API key

Use a team API key for server-to-server integrations, CLIs, and automation. API keys start with mio_sk_ and are sent as bearer tokens: 
Authorization: Bearer mio_sk_...
An API key is bound to one team. It cannot be used against another team’s routes, and it cannot manage API keys.

Which one should I use?

Use caseCredential
Creator dashboardPlatform JWT
Member portalContact JWT
Backend integrationTeam API key
Local admin scriptPlatform JWT or team API key
Public hub lookupNo credential when the endpoint is public