Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mightynetworks.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The Mighty Networks Admin API uses Bearer token authentication to secure all API requests. Each request must include a valid API token in the Authorization header.

Getting Your API Token

Step 1: Access Your Network Admin Panel

Navigate to your network and access the admin settings:
  1. Log in to your Mighty Network
  2. Go to Admin from the main navigation
  3. Navigate to Settings > API Keys

Step 2: Generate a New API Token

1

Create API Key

Click the “Generate New API Key” button in the API Keys section.
2

Name Your Token

Give your API token a descriptive name (e.g., “Production Integration”, “Development”, “Analytics Script”).
3

Set Permissions

Configure the permissions and scopes for your API token based on your use case.
4

Copy and Store

Copy the generated token immediately and store it securely. You won’t be able to see it again.
Important: API tokens are shown only once during creation. Store them securely and never share them publicly.

Making Authenticated Requests

Include your API token in the Authorization header of every request: 
curl https://api.mn.co/admin/v1/networks/{network_id}/members \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Authentication Errors

The API returns specific error codes for authentication issues:
Status CodeErrorDescription
401unauthorizedMissing or invalid API token
403forbiddenValid token but insufficient permissions
401token_expiredAPI token has been revoked or expired

Example Error Response

{
  "error": "unauthorized",
  "message": "Invalid API token provided",
  "status": 401
}

Security Best Practices

1. Store Tokens Securely

Never commit API tokens to version control or expose them in client-side code.
Use environment variables to store your tokens:
.env
MIGHTY_API_TOKEN=your_api_token_here
MIGHTY_NETWORK_ID=your_network_id_here

// Load from environment
const API_TOKEN = process.env.MIGHTY_API_TOKEN;
const NETWORK_ID = process.env.MIGHTY_NETWORK_ID;

2. Use HTTPS Only

All API requests must use HTTPS. HTTP requests will be rejected.

3. Monitor Token Usage

  • Log all API requests for audit trails
  • Monitor for unusual patterns or unauthorized access
  • Set up alerts for authentication failures

Managing API Tokens

Viewing API Keys

Navigate to Admin > Settings > API Keys to see all API keys for your network, including both active and revoked keys. The API Keys table displays:
  • Name: The descriptive name you gave the key
  • Key: The redacted token value
  • Created: When the key was created
  • Last Used: When the key was last used (or “Never”)
  • Status: A badge showing whether the key is Active (green) or Revoked (red)

Revoking Tokens

To revoke a token:
  1. Go to Admin > Settings > API Keys
  2. Find the token you want to revoke
  3. Click the actions menu (⋮) next to the token
  4. Select “Revoke API Key”
  5. Confirm the revocation
Revoking a token immediately invalidates it. Any services using that token will lose access.
After revoking a key, it remains visible in the API Keys list with:
  • A Revoked status badge (red)
  • Reduced opacity to indicate it’s no longer active
  • No actions menu (revoked keys cannot be edited or re-revoked)
  • A tooltip on the status badge showing when it was revoked

Rate Limiting

API tokens are subject to rate limits based on your plan:
These are stand-in numbers and do not represent real API rate limits upon its release
  • Standard: 100 requests per minute
  • Premium: 300 requests per minute
See the Rate Limits for more details on rate limiting.

Testing Your Authentication

Use this simple test to verify your token is working: 
curl https://api.mn.co/admin/v1/networks/{network_id}/me \
  -H "Authorization: Bearer YOUR_API_TOKEN"
Expected Response: 
{
  "id": "12345",
  "name": "John Doe",
  "email": "john@example.com",
  "network_id": "67890",
  "role": "admin",
  "created_at": "2024-01-15T10:30:00Z"
}

Troubleshooting

”Invalid API token” Error

Problem: Getting 401 unauthorized errors Solutions:
  • Verify the token is copied correctly (no extra spaces or characters)
  • Check that the token hasn’t been revoked
  • Ensure you’re using the correct Authorization: Bearer format
  • Verify the token has not expired

”Forbidden” Error

Problem: Getting 403 forbidden errors Solutions:
  • Check that your token has the required permissions/scopes
  • Verify you have admin access to the network
  • Ensure you’re using the correct network ID

Token Not Working After Creation

Problem: Newly created token returns errors Solutions:
  • Wait a few seconds - tokens may take a moment to propagate
  • Verify you’re using the full token string
  • Check that you copied the token immediately after creation

Next Steps

Quickstart Guide

Make your first authenticated API call.

API Reference

Explore available API endpoints.