Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.getmaito.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Maito customer API requests authenticate with an API key.
API keys are server-side secrets. Do not expose them in browser JavaScript, static websites, public repositories, logs, or mobile app bundles.

Create An API Key

  1. Open Maito and go to Settings.
  2. Open API Keys in the Developer section.
Maito API Keys settings page
  1. Click Create.
  2. Give the key a clear name, such as Production, Docs website, or Internal tool.
  3. Choose an expiration policy.
Create API key dialog in Maito
  1. Click Create key.
  2. Copy the key immediately. Maito shows the secret only once.
Copy API key dialog with the API key redacted
  1. Store the key in a secret manager or server-side environment variable.
Created API key listed in Maito settings API keys are shown only when they are created. If you lose a key, revoke it and create a new one.

Use The Key

Send the API key as a Bearer token in the Authorization header. 
Authorization: Bearer <token>
For example: 
curl "https://api.getmaito.com/v1/newsletter/subscribers" \
  -H "Authorization: Bearer $MAITO_API_KEY" \
  -H "Accept: application/json"

Server-Side Usage

Store API keys outside source control: 
MAITO_API_KEY="your_api_key"
Then read the key from the runtime environment in your integration. Do not expose API keys in browser-side code, public repositories, logs, or client bundles.

Rotate Or Revoke A Key

If a key is exposed or no longer needed:
  1. Open Settings.
  2. Open API Keys.
  3. Revoke the old key.
  4. Create a replacement key if the integration still needs access.
Update every integration that used the old key.

Authentication Errors

Requests without a valid API key return an error response. 
{
  "ok": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required."
  }
}
Exact messages can vary by route. Clients should treat HTTP 401 as an authentication failure and ask for a new or corrected API key. API keys can only call supported customer API endpoints. If a valid key calls an app-only or internal route, Maito returns 403.