All Mufi API requests are authenticated using Bearer tokens. Your API key acts as a JWT-signed token that identifies your project and permission level.Documentation Index
Fetch the complete documentation index at: https://docs.mufi.app/llms.txt
Use this file to discover all available pages before exploring further.
Getting Your API Key
Sign in to the Mufi Dashboard
Go to my.mufi.app and authenticate with your email via magic link.
Don’t have an account? Email connect@mufi.app to request access.
Using Your API Key
Include your API key as a Bearer token in theAuthorization header of every request:
Permission Levels
Each API key has one of two permission levels:| Permission | What it allows |
|---|---|
| Write | Full access — create and modify users, events, products, and all resources |
| Read | Query-only — fetch users, list events, check balances, view products |
403 Forbidden.
Key Management
| Behavior | Detail |
|---|---|
| Expiration | API keys do not expire automatically — they remain valid until revoked |
| Regeneration | You can regenerate a key at any time from the Dashboard. The old key is immediately invalidated |
| Multiple keys | Generate separate keys for different environments (staging, production) or services |
Security Checklist
Store API keys in environment variables, never in source code
Use keys only on the server side — never expose them in frontend code
Use read-only keys when you only need to query data
Regenerate keys immediately if you suspect they’ve been compromised
Use separate keys for staging and production environments