Authentication

Learn how to authenticate your API requests

All API requests to Mira services require authentication using API keys.

API Key Format

API keys follow this format:

mk_[service]_[32_character_random_string]

Example: mk_verify_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

The prefix helps identify:

  • mk_ - Mira Key
  • verify_ - The service this key is authorized for

Using Your API Key

Include your API key in the Authorization header with the Bearer scheme:

curl -X POST https://console.mira.network/verify/v1/stream \
  -H "Authorization: Bearer mk_verify_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"fact": "Your fact to verify"}'

Security Best Practices

Never expose keys in client-side code

API keys should only be used in server-side code. Never include them in:

  • Browser JavaScript
  • Mobile app code
  • Public repositories
  • Client-side environment variables

Use environment variables

Store your API key in environment variables:

# .env (never commit this file)
MIRA_API_KEY=mk_verify_your_key_here
// server.js
const apiKey = process.env.MIRA_API_KEY;

Rotate keys regularly

Create new keys periodically and revoke old ones:

  1. Create a new key in the dashboard
  2. Update your application to use the new key
  3. Verify everything works
  4. Revoke the old key

Use separate keys per environment

Create different keys for:

  • Development - Local testing
  • Staging - Pre-production testing
  • Production - Live application

This limits the blast radius if a key is compromised.

Key Management

Creating Keys

  1. Go to your app in the Dashboard
  2. Click Create Key
  3. Select the service (e.g., Verify)
  4. Optionally add a name (e.g., "Production API Key")
  5. Copy the key immediately - it's only shown once!

Revoking Keys

If a key is compromised or no longer needed:

  1. Go to your app in the dashboard
  2. Find the key in the API Keys list
  3. Click Revoke

Revoked keys are immediately invalidated and cannot be restored.

Error Responses

Invalid or Missing Key

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

HTTP Status: 401

Wrong Service

If you use a Verify key with a different service:

{
  "error": "Unauthorized",
  "message": "API key not authorized for this service"
}

HTTP Status: 401

Revoked Key

{
  "error": "Unauthorized",
  "message": "API key has been revoked"
}

HTTP Status: 401

Quickstart

Get started with Mira Console in 5 minutes

API Overview

Overview of the Mira Network API

On this page

API Key FormatUsing Your API KeySecurity Best PracticesNever expose keys in client-side codeUse environment variablesRotate keys regularlyUse separate keys per environmentKey ManagementCreating KeysRevoking KeysError ResponsesInvalid or Missing KeyWrong ServiceRevoked Key