Skip to main content

About the Admin API

The Mighty Networks Admin API provides programmatic access to manage and automate your network operations. With the Admin API, you can manage members, content, events, and more.

Base URL

All API requests should be made to: 
https://api.mn.co/admin

Authentication

The Admin API uses Bearer token authentication. All requests must include a valid API token.

Authentication Guide

Learn how to generate tokens, authenticate requests, and implement security best practices.

Getting Started

Quickstart Guide

Make your first API call in under 5 minutes.

Authentication

Set up authentication and manage API tokens.

Core Resources

The Admin API provides access to the following resources:

Networks

Manage network settings, information, and configuration.

Members

  • List and search members
  • View member profiles and activity
  • Update member information
  • Manage member permissions and roles

Content & Posts

  • Create, read, update, and delete posts
  • Manage comments and reactions
  • Moderate content
  • Work with rich media attachments

Events

  • Create and manage events
  • Track RSVPs and attendance
  • Update event details

Spaces

  • Manage network spaces
  • Configure space settings
  • Control space membership

Webhooks

Webhooks allow you to receive real-time HTTP notifications when events occur in your network. Instead of polling the API for changes, webhooks push data to your server as events happen.

How It Works

  1. You configure a webhook endpoint URL in your network settings
  2. You select which events you want to receive
  3. When an event occurs, Mighty Networks sends an HTTP POST request to your URL
  4. Your server processes the webhook and responds with any 2xx status code (200, 201, 202, 204, etc.)

Webhook Delivery Format

Webhooks are delivered as HTTP POST requests with JSON payloads: 
POST /your-webhook-endpoint
Host: your-domain.com
Content-Type: application/json
Accept: application/json
Authorization: Bearer YOUR_CONFIGURED_API_KEY

{
  "event_id": "abc123-uuid",
  "event_timestamp": "2024-01-15T10:30:00Z",
  "event_type": "PostCreated",
  "payload": {
    "id": 12345,
    "title": "Example post title",
    "author": {
      "id": 67890,
      "email": "user@example.com",
      "first_name": "John"
    },
    "space_id": 111,
    "created_at": "2024-01-15T10:30:00Z"
  }
}

Available Events

See the Webhooks section for a complete list of available events and their payload schemas.

Security

  • HTTPS Required: Webhook endpoints must use HTTPS in production
  • Authentication: Configure an API key that will be included as a Bearer token in the Authorization header
  • Verify the source: Always validate the Authorization header matches your configured key

Best Practices

Return any 2xx status code (200, 201, 202, 204, etc.) as fast as possible. Process the webhook payload asynchronously if needed—webhooks timeout after 30 seconds.
Webhooks are retried on failure with any non-2xx status code. Implement idempotency to handle duplicate deliveries gracefully.
Repeated failures trip a circuit breaker that temporarily pauses delivery to your endpoint. Monitor your endpoint’s availability so deliveries aren’t suspended. See Circuit breaker for details.
Webhooks are delivered asynchronously via background jobs. There may be a slight delay between when an event occurs and when you receive the webhook.
Store incoming webhook data for debugging and auditing purposes.

Expected Responses

Your endpoint should return any 2xx status code to acknowledge successful receipt. Common success codes include 200 (OK), 201 (Created), 202 (Accepted), and 204 (No Content):
Status CodeMeaning
2xx (200-299)Webhook received successfully
Any non-2xx statusDelivery failed—will be retried

Circuit breaker

Outbound webhook delivery is protected by a circuit breaker. If your endpoint fails repeatedly in a row, we temporarily stop delivering webhooks to it rather than continuing to retry against an endpoint that appears to be down.
  • Trips on repeated failures: When deliveries to your endpoint fail multiple consecutive times (any non-2xx response, a timeout, or a connection error), the circuit breaker opens and delivery is paused.
  • Delivery is paused temporarily: While the circuit is open, new webhooks for that endpoint are not delivered. This protects both your service and ours from wasted retries against a failing endpoint.
  • Automatic recovery: After a cooldown period, we probe your endpoint again. Once it responds successfully, the circuit closes and normal delivery resumes automatically—no manual intervention required.
Keep your endpoint highly available and return a 2xx status quickly to avoid tripping the circuit breaker. If you notice a gap in delivery, check your endpoint’s logs and uptime for a recent run of failures.

Rate Limit and Quota

The Admin API is rate limited to ensure fair usage. Each plan includes a monthly request quota, with additional usage billed per request past your plan’s permitted volume:
PlanIncluded API RequestsExtra API Requests
Scale5,000 / month$0.002 / request
GrowthCustomCustom
Mighty Pro BasicCustomCustom
Mighty Pro EssentialCustomCustom
Mighty Pro CompleteCustomCustom
Contact your account team for the specific limits and pricing that apply to your plan.

Error Handling

The API uses standard HTTP status codes:
Status CodeDescription
200Success
201Created
400Bad Request - Invalid parameters
401Unauthorized - Invalid or missing API token
403Forbidden - Insufficient permissions
404Not Found - Resource doesn’t exist
429Too Many Requests - Rate limit exceeded
500Internal Server Error
Error responses include a JSON body with details: 
{
  "error": "unauthorized",
  "message": "Invalid API token",
  "status": 401
}

Pagination

List endpoints support pagination using the following query parameters:
  • page: Page number (default: 1)
  • per_page: Items per page (default: 25, max: 100)
Pagination metadata is included in the response: 
{
  "data": [...],
  "meta": {
    "current_page": 1,
    "total_pages": 10,
    "total_count": 250,
    "per_page": 25
  }
}

Quick Reference

Common Operations

All API operations are scoped to a specific network:
  • List Resources - GET /networks/{id}/members
  • Get Resource - GET /networks/{id}/members/{member_id}
  • Create Resource - POST /networks/{id}/posts
  • Update Resource - PATCH /networks/{id}/members/{member_id}
  • Delete Resource - DELETE /networks/{id}/spaces/{space_id}/members/{user_id}

Request Format

All requests require authentication and use standard REST conventions: 
curl https://api.mn.co/admin/v1/networks/{network_id}/endpoint \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -H "User-Agent: my-app/1.0 (+https://example.com)"
Requests to api.mn.co must include a non-empty User-Agent header. Requests without one are blocked by bot protection and receive an HTML challenge page with HTTP 403. We recommend your-app-name/version (+url).

Response Format

Successful list endpoints return paginated data: 
{
  "items": [...],
  "links": {
    "self": "current_page_url",
    "next": "next_page_url"
  }
}

Best Practices

  1. Store tokens securely - Never expose API tokens in client-side code or public repositories
  2. Handle rate limits - Implement exponential backoff when hitting rate limits
  3. Use pagination - Always paginate through large result sets
  4. Validate input - Validate data before sending to the API
  5. Monitor errors - Log and monitor API errors for debugging

Support

Need help with the Admin API?

Support Center

Visit our FAQ and support documentation.

Contact Support

Get in touch with our technical support team.