Docs/Authentication

Authentication

Authenticate with your API key one of two ways. Get a key from the developer dashboard - free, no card required, with 100 credits every month.

1. Authorization header - recommended for server-side code

Authorization: Bearer mm_live_…
Header

2. access_key query param - handy in the browser and for quick tests

https://miromiro.app/api/v1/extract?url=stripe.com&access_key=mm_live_…
URL

Keys in the URL can end up in server, proxy, and browser logs - prefer the header for backend integrations, and rotate a key in the dashboard if you suspect it leaked. If both are sent, the header wins.

Keys are mm_live_ followed by 48 hex characters. Only a SHA-256 hash is stored server-side - the full key is shown once at creation, and can be rotated or revoked in the dashboard at any time. A missing or invalid key returns 401; a key whose subscription is past due or canceled returns 402.

Credits are weighted by endpoint (an asset scrape costs less than a full token extraction - see each endpoint's badge). Failed and blocked requests are never billed, and repeating an identical request within 24 hours is served from cache at no cost.