API keys are for server-to-server integrations. They are team-scoped and start with mio_sk_.

Create a key

Managing API keys requires a platform JWT. An API key cannot create another key. The create endpoint accepts two body shapes: a flat body or a full JSON:API envelope. Both are equivalent.
Flat body (shorthand):
curl -X POST "$MIO_BASE_URL/api/v1/teams/$TEAM_ID/api-keys" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
    "name": "Production integration",
    "scopes": ["*"]
  }'
JSON:API envelope (full form):
curl -X POST "$MIO_BASE_URL/api/v1/teams/$TEAM_ID/api-keys" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
    "data": {
      "type": "api_keys",
      "attributes": {
        "name": "Production integration",
        "scopes": ["*"]
      }
    }
  }'
Supplying a wrong type value returns 422. The full secret is returned once:
{
  "data": {
    "id": "0197...",
    "type": "api_keys",
    "attributes": {
      "name": "Production integration",
      "key_prefix": "mio_sk_live_abc123",
      "secret": "mio_sk_...",
      "scopes": ["*"]
    }
  }
}
Store the secret immediately. Later list and retrieve calls return only the prefix and metadata.

Use a key

curl -s "$MIO_BASE_URL/api/v1/teams/$TEAM_ID/hubs" \
  -H "Authorization: Bearer mio_sk_..." \
  -H "Accept: application/vnd.api+json" | jq
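
Added example (not part of the original documentation): one way to handle the create response in Python so the one-time secret goes straight into an owner-only file and only the prefix and metadata reach logs. The function names, the key file location and the sample response values are assumptions constructed for illustration.

```python
import json
import os

KEY_PREFIX = "mio_sk_"  # per the page: API keys start with mio_sk_

# Constructed create response; id and secret are placeholders, not real values.
SAMPLE_RESPONSE = json.dumps({"data": {
    "id": "constructed-id",
    "type": "api_keys",
    "attributes": {
        "name": "Production integration",
        "key_prefix": "mio_sk_live_abc123",
        "secret": "mio_sk_live_abc123_CONSTRUCTED",
        "scopes": ["*"],
    },
}})


def store_secret_once(response_body, path):
    """Write the one-time secret to path (owner-only) and return log-safe metadata."""
    data = json.loads(response_body)["data"]
    if data.get("type") != "api_keys":
        raise ValueError("unexpected resource type")
    attrs = data["attributes"]
    secret = attrs.get("secret")
    if not isinstance(secret, str) or not secret.startswith(KEY_PREFIX):
        raise ValueError("response carries no usable secret")
    # O_EXCL fails if the file exists, so an earlier key is never silently
    # overwritten; mode 0o600 keeps the file readable by its owner only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secret)
    # Everything except the secret, i.e. the prefix and metadata.
    return {"id": data["id"], **{k: v for k, v in attrs.items() if k != "secret"}}


def auth_header(path):
    """Build the Authorization header from the stored key file."""
    with open(path) as fh:
        return {"Authorization": "Bearer " + fh.read().strip()}


if __name__ == "__main__":
    import tempfile
    key_file = os.path.join(tempfile.mkdtemp(), "mio_api_key")  # assumed location
    print(store_secret_once(SAMPLE_RESPONSE, key_file))  # safe to log: no secret
```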

Revoke a key

curl -X DELETE "$MIO_BASE_URL/api/v1/teams/$TEAM_ID/api-keys/$KEY_ID" \
  -H "Authorization: Bearer $TOKEN"
Revocation returns 204 No Content.