Authentication & limits

Bearer API keys that act as a service user — secure, revocable and rate-limited.

Overview

Authenticate every request with a Bearer API key. Each key acts as a service user you choose, inheriting that user's roles, record rules and field permissions — so a key can never do more than that user could in the app.

Keys are created in the app under Settings → API keys (Pro and Enterprise plans). The secret is shown once; keys are revocable, can expire, and are rate-limited per key.

What you can do

Acts as a service user

Scope a key precisely by choosing which user it represents and that user's role.

Revocable & expiring

Revoke a key instantly, or set an expiry date when you create it.

Rate-limited

Each key has a per-minute limit (default 120); requests over the limit return 429 with a Retry-After header.

Reference

Send the key as a Bearer token; handle errors with the codes below.

# Every request carries a Bearer API key
curl https://api.megorix.com/data/hr/employees \
  -H "Authorization: Bearer mgx_live_xxxxxxxxxxxxxxxx"

# A rate-limited response (HTTP 429)
# Retry-After: 23
{ "success": false,
  "error": { "code": "api_key.rate_limited", "message": "..." } }

Errors

401  api_key.missing / api_key.invalid: Missing, invalid, revoked or expired key
403  plan.feature_not_available: The plan does not include API access
403  auth.missing_permissions: The service user lacks the permission
404  (varies): Entity or record not found
429  api_key.rate_limited: Rate limit exceeded — see the Retry-After header
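
An added example, not Megorix's own client code: a small Python caller that waits out a 429 for the number of seconds given in Retry-After and raises immediately on the 401/403/404 codes above, since retrying a revoked key or a missing permission cannot succeed. The environment variable name MEGORIX_API_KEY, the function names and the injectable send/sleep parameters are assumptions made for the example.

```python
import json
import os
import time
import urllib.error
import urllib.request


class ApiError(Exception):
    """API failure carrying the HTTP status and the error code from the response body."""
    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code = status, code


def http_send(url):
    """Real transport: returns (status, headers, body_text)."""
    key = os.environ["MEGORIX_API_KEY"]  # assumed variable name; keeps the secret out of source
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {key}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read().decode()


def get_json(url, send=http_send, sleep=time.sleep, max_attempts=4, max_wait=60):
    """GET url; honor Retry-After on 429, fail fast on every other error status."""
    for attempt in range(1, max_attempts + 1):
        status, headers, body = send(url)
        if status < 400:
            return json.loads(body)
        try:
            error = json.loads(body).get("error") or {}
        except (ValueError, AttributeError):
            error = {}  # body was not the documented JSON error envelope
        code = error.get("code", "unknown")
        if status == 429 and attempt < max_attempts:
            # Header names are case-insensitive; a missing or non-numeric value means 1s.
            value = {k.lower(): v for k, v in headers.items()}.get("retry-after", "").strip()
            wait = int(value) if value.isdigit() else 1
            sleep(min(wait, max_wait))  # cap the wait so a bad header cannot stall the caller
            continue
        # 401/403/404, or 429 on the last attempt: surface the code to the caller.
        raise ApiError(status, code, error.get("message", ""))
```

Alerting on ApiError with status 401 is useful operationally: it is the first sign that a key was revoked or has expired.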

Try it now

Open the interactive API reference and make your first call in minutes.
