API Authentication

Authenticated REST endpoints require a bearer token.
Authorization: Bearer <token>

Token Types

Maito routes accept Clerk-backed tokens. Most product routes accept any valid Clerk-supported token configured by the API auth layer. API key management itself is session-only because users must create and revoke API keys from an authenticated session. Public newsletter endpoints do not require user authentication.

API Keys

API keys are managed through authenticated API key routes:

| Method | Endpoint | Purpose |
| --- | --- | --- |
| GET | /v1/api-keys | List API keys for the current user. |
| POST | /v1/api-keys | Create an API key. |
| DELETE | /v1/api-keys/:apiKeyId | Revoke an API key. |

When a key is created, store the returned secret immediately. Do not commit API keys to source control.

Browser And Server Usage

Server-side integrations should pass tokens from environment or secret storage. Browser clients should use session tokens obtained through the authenticated app flow and should not embed long-lived secrets.

Authentication Failures

Missing, expired, malformed, or unauthorized tokens return an error envelope:
{
  "ok": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required."
  }
}
Exact error codes can vary by auth failure source. Clients should branch on HTTP status first, then use error.code for product-specific handling.
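
A server-side client that follows the guidance in "Browser And Server Usage" and "Authentication Failures", as an added example rather than Maito's own code. The base URL, the `MAITO_BASE_URL` and `MAITO_API_TOKEN` variable names, the `/v1/example` path and the mapping of 401 and 403 to actions are assumptions.

```javascript
// Added example. Assumed names: MAITO_BASE_URL, MAITO_API_TOKEN, /v1/example.
const MAITO_BASE_URL = process.env.MAITO_BASE_URL || "https://api.example.invalid";

// Build request headers from a token held in the environment or a secret store.
function authHeaders(token) {
  const t = typeof token === "string" ? token.trim() : "";
  // Reject empty tokens and embedded whitespace (header injection, bad copy/paste).
  if (t === "" || /\s/.test(t)) {
    throw new Error("bearer token missing or malformed"); // never echo the token
  }
  return { Authorization: `Bearer ${t}`, Accept: "application/json" };
}

// Branch on HTTP status first; error.code only refines product-specific handling.
function classifyResponse(status, body) {
  if (status >= 200 && status < 300) return { action: "ok", code: null };
  const err = body && body.ok === false ? body.error : null;
  const code = err && typeof err.code === "string" ? err.code : null;
  // Assumed mapping: 401 = obtain a fresh token, 403 = stop, do not retry.
  if (status === 401) return { action: "reauthenticate", code };
  if (status === 403) return { action: "forbidden", code };
  return { action: "error", code };
}

// fetchImpl is injectable so the logic can be exercised offline.
async function maitoGet(path, token, fetchImpl = fetch) {
  const res = await fetchImpl(new URL(path, MAITO_BASE_URL), {
    headers: authHeaders(token),
  });
  let body = null;
  try {
    body = await res.json();
  } catch {
    // A gateway or proxy may answer 401 with a non-JSON body; status still decides.
  }
  return { ...classifyResponse(res.status, body), data: body };
}

// Constructed sample: the envelope from the page, served by a fake fetch.
const sampleEnvelope = {
  ok: false,
  error: { code: "UNAUTHORIZED", message: "Authentication required." },
};
async function demo() {
  const fake = async () => ({ status: 401, json: async () => sampleEnvelope });
  return maitoGet("/v1/example", process.env.MAITO_API_TOKEN || "tok_constructed", fake);
}
demo().then((r) => console.log(r.action, r.code)); // reauthenticate UNAUTHORIZED
```

Because the status decides the action, a 401 whose body is not the documented envelope is still treated as an authentication failure, with `code` left as `null`.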