API Authentication
API Keys
API keys are used to authenticate requests. Include your key in the Authorization header:
```
Authorization: Bearer mb_live_xxxxxxxxxxxx
```
Obtaining an API Key
- Log in to your Meister Bill account
- Go to Settings → API
- Click Generate New Key
- Copy and store the key securely (shown only once)
Key Types
| Type | Prefix | Usage |
|---|---|---|
| Live | mb_live_ | Production data |
| Test | mb_test_ | Sandbox environment |
Permissions
Keys are scoped to your account permissions:
- Read - List and view resources
- Write - Create and update resources
- Admin - Delete resources and manage webhooks
Security Best Practices
- Store keys in environment variables, never in code
- Rotate keys every 90 days
- Use separate keys for different environments
- Revoke compromised keys immediately
Testing Authentication
```
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.meister-bill.com/v1/customers
```
A successful response returns 200 OK with the customer list.
An invalid key returns 401 Unauthorized:
```
{
  "error": "unauthorized",
  "message": "Invalid API key"
}
```
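The security practices and the authentication test above, combined in an added example (not Meister Bill's own code): it reads the key from the environment, refuses a key whose documented prefix does not match the intended environment, and hands the header to curl on stdin so the key stays out of the process list. The variable name `MB_API_KEY` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example. MB_API_KEY and all function names are assumed, not part of the API.

# Print "live" or "test" from the documented key prefixes; fail on anything else.
mb_key_type() {
    case "$1" in
        mb_live_?*) echo live ;;
        mb_test_?*) echo test ;;
        *) return 1 ;;
    esac
}

# $1 = environment you intend to use ("live" or "test").
# Returns 0 if MB_API_KEY is set and its prefix matches, non-zero otherwise.
mb_check_key() {
    expected="$1"
    if [ -z "${MB_API_KEY:-}" ]; then
        echo "MB_API_KEY is not set" >&2
        return 2
    fi
    actual=$(mb_key_type "$MB_API_KEY") || {
        echo "MB_API_KEY has an unrecognized prefix" >&2
        return 3
    }
    if [ "$actual" != "$expected" ]; then
        echo "refusing to use a $actual key for the $expected environment" >&2
        return 4
    fi
    return 0
}

# Run the authentication test from this page after the prefix check passes.
mb_test_auth() {
    mb_check_key "$1" || return $?
    # curl -H @- reads headers from stdin, so the key never appears in argv.
    status=$(printf 'Authorization: Bearer %s\n' "$MB_API_KEY" |
        curl -s -o /dev/null -w '%{http_code}' -H @- \
            https://api.meister-bill.com/v1/customers)
    case "$status" in
        200) echo "key accepted" ;;
        401) echo "key rejected (401 Unauthorized)" >&2; return 5 ;;
        *)   echo "unexpected HTTP status: $status" >&2; return 6 ;;
    esac
}
```

Source the file and call `mb_test_auth test` in CI or `mb_test_auth live` in production, with `MB_API_KEY` injected by the environment rather than written into the script.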