API Keys #

API keys give scripts and bots programmatic access to your Meldry server, scoped to your account.

Creating a key #

  1. Open Settings → API Keys.
  2. Click Create API Key.
  3. Give the key a descriptive name (e.g. ci-deploy-bot).
  4. Copy the key immediately — Meldry only displays it once.

You can create up to 5 API keys per hour (rate limited to prevent abuse).

Using a key #

Send the key as a Bearer token on the Authorization header:

bash
curl -H "Authorization: Bearer <your-api-key>" \
  https://your-server.meldry.com/api/me

Most tenant API endpoints accept either an API key or a session token.

Revoking a key #

In Settings → API Keys, click the delete icon next to any key. Revocation is immediate — any subsequent request using that key will fail with 401.

Best practices #

  • Name keys per integration, not per machine. This makes auditing and rotation simpler.
  • Rotate keys when an integration is decommissioned or when staff change.
  • Don't commit keys to git — use environment variables or a secret manager.
  • Use different keys for development, staging and production workloads so a leak is contained.