Skip to main content

Overview

AppKeys are long-lived credentials used to authenticate API requests. Each key is scoped to your account and can be revoked at any time. AppKeys have the prefix sk-mm- followed by a random token.

Creating an AppKey

  1. Log in at the dashboard
  2. Navigate to API Keys
  3. Click Create Key
  4. Enter a name and optional webhook signing secret
  5. Copy the key — it is shown only once
The AppKey and its signing_secret are shown only at creation time. Store them securely — they cannot be retrieved later.

Key status

Webhook signing secret

If you use callback_url, verify incoming webhooks using the signing_secret associated with the AppKey:
The signature is sent in the X-Signature request header.