API Introduction

The API is intended for customer-owned integrations. For assistant workflows, use MCP.

Maito API keys are server-side secrets. Never use an API key in browser JavaScript, static site code, mobile app bundles, or public repositories.

Authentication

Create an API key in Maito and send it as a Bearer token.

Authentication Steps

Open Maito and go to Settings.
Open API Keys in the Developer section.

Click Create.
Give the key a clear name, such as Production, Docs website, or Internal tool.
Choose an expiration policy.

Click Create key.
Copy the key immediately. Maito shows the secret only once.

Copy API key dialog with the API key redacted

Store the key in a server-side secret manager or environment variable.

Created API key listed in Maito settings

When making a request, add the API key to the Authorization header:

Authorization: Bearer <token>

Example:

curl "https://api.getmaito.com/v1/newsletter/issues?status=sent&isPublic=true" \
  -H "Authorization: Bearer $MAITO_API_KEY" \
  -H "Accept: application/json"

See Authentication for more details.

API Reference

The base URL for the API is:

https://api.getmaito.com/v1

Newsletter Settings

Read and update newsletter publication settings.

Subscribers

Create subscribers, import subscribers, list subscribers, and block or delete subscribers.

Issues

List public issues, get an issue by slug, create drafts, update issues, and send issues.

Analytics

Read newsletter overview analytics and issue-level analytics.

Media Uploads

Upload media assets for newsletter workflows.

Custom newsletter websites should use a backend proxy that keeps the Maito API key server-side. Use these endpoints for the website experience:

List issues: GET /v1/newsletter/issues?status=sent&isPublic=true
Get issue by slug: GET /v1/newsletter/issues/by-slug/{issueSlug}
List categories: GET /v1/newsletter/categories
Create subscriber: POST /v1/newsletter/subscribers

See Custom Newsletter Website for the full implementation guide and AI-builder prompt.

Responses

Successful responses use this shape:

{
  "ok": true,
  "data": {}
}

Errors use this shape:

{
  "ok": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid request."
  }
}

See Responses and errors for status code behavior.

Scope

API keys are supported only on external integration endpoints. They are not a general way to call every route used by the Maito app. Current customer API groups:

Newsletter
Media uploads

Documents, drafts, calendar, social OAuth flows, billing, onboarding, chat, queue internals, app-only routes, provider callbacks, hosted-site internals, and infrastructure health checks are not customer API contracts.

Rate Limits

Rate limits are not finalized yet. Until a formal policy is published, integrations should:

Avoid polling loops
Retry 5xx responses with exponential backoff
Treat 429 as a signal to slow down
Prefer batching where an endpoint supports it

OpenAPI Spec

Use the OpenAPI document to inspect the full request and response schemas:

JSON: /openapi.json

Documentation Index

​Authentication

​API Reference

Newsletter Settings

Subscribers

Categories

Issues

Analytics

Media Uploads

​Custom Newsletter Website

​Responses

​Scope

​Rate Limits

​OpenAPI Spec

Authentication

API Reference

Custom Newsletter Website

Responses

Scope

Rate Limits

OpenAPI Spec