Overview
AppKeys are long-lived credentials used to authenticate API requests. Each key is scoped to your account and can be revoked at any time.
AppKeys have the prefix sk-mm- followed by a random token.
Creating an AppKey
- Log in at the dashboard
- Navigate to API Keys
- Click Create Key
- Enter a name and optional webhook signing secret
- Copy the key — it is shown only once
The AppKey and its signing_secret are shown only at creation time. Store them securely — they cannot be retrieved later.
Key status
Webhook signing secret
If you use callback_url, verify incoming webhooks using the signing_secret associated with the AppKey:
The signature is sent in the X-Signature request header.