Skip to main content
The Moflay API uses API keys to authenticate requests. You can view and manage your API Keys on the API Keys page in the Moflay Dashboard.
Api Key Page
Development API keys have the prefix mof_test_ and Production API keys have the prefix mof_live_. Authentication to the API is performed via the Authorization header with a Bearer token. To authenticate, you need to include the Authorization header with the word Bearer followed by your token in your API requests like so: 
Authorization: Bearer mf_test_1234567890

Authentication Errors

When authentication fails, the API will return specific error responses to help you troubleshoot the issue.

Missing API Key

If you don’t include the Authorization header, you’ll receive a 401 Unauthorized error: 
{
  "error": {
    "status": 401,
    "code": "missing_api_key",
    "message": "Missing API key in the authorization header."
  }
}
Solution: Include the Authorization header in your request: 
Authorization: Bearer YOUR_API_KEY

Invalid API Key

If your API key is incorrect or malformed, you’ll receive a 403 Forbidden error: 
{
  "error": {
    "status": 403,
    "code": "invalid_api_key",
    "message": "API key is invalid."
  }
}
Solution: Verify your API key is correct or generate a new one in the API Keys dashboard.

Insufficient Permissions

If your API key doesn’t have the necessary permissions for the requested resource, you’ll receive a 422 Unprocessable Entity error: 
{
  "error": {
    "status": 422,
    "code": "invalid_access",
    "message": "The API key does not have the necessary permissions to access this resource."
  }
}
Solution: Ensure your API key has the required permissions for the endpoint you’re trying to access.