Skip to main content

Overview

The Mighty Networks Admin API uses Bearer token authentication to secure all API requests. Each request must include a valid API token in the Authorization header.

Getting Your API Token

Step 1: Access Your Network Admin Panel

Navigate to your network and access the admin settings:
  1. Log in to your Mighty Network
  2. Go to Admin from the main navigation
  3. Navigate to Settings > API Keys

Step 2: Generate a New API Token

1

Create API Key

Click the “Generate New API Key” button in the API Keys section.
2

Name Your Token

Give your API token a descriptive name (e.g., “Production Integration”, “Development”, “Analytics Script”).
3

Set Permissions

Configure the permissions and scopes for your API token based on your use case.
4

Copy and Store

Copy the generated token immediately and store it securely. You won’t be able to see it again.
Important: API tokens are shown only once during creation. Store them securely and never share them publicly.

Making Authenticated Requests

Include your API token in the Authorization header of every request: 
curl https://api.mn.co/admin/v1/networks/{network_id}/members \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Authentication Errors

The API returns specific error codes for authentication issues:
Status CodeErrorDescription
401unauthorizedMissing or invalid API token
403forbiddenValid token but insufficient permissions
401token_expiredAPI token has been revoked or expired

Example Error Response

{
  "error": "unauthorized",
  "message": "Invalid API token provided",
  "status": 401
}

Security Best Practices

1. Store Tokens Securely

Never commit API tokens to version control or expose them in client-side code.
Use environment variables to store your tokens:
.env
MIGHTY_API_TOKEN=your_api_token_here
MIGHTY_NETWORK_ID=your_network_id_here

// Load from environment
const API_TOKEN = process.env.MIGHTY_API_TOKEN;
const NETWORK_ID = process.env.MIGHTY_NETWORK_ID;

2. Use HTTPS Only

All API requests must use HTTPS. HTTP requests will be rejected.

3. Monitor Token Usage

  • Log all API requests for audit trails
  • Monitor for unusual patterns or unauthorized access
  • Set up alerts for authentication failures

Managing API Tokens

Viewing API Keys

Navigate to Admin > Settings > API Keys to see all API keys for your network, including both active and revoked keys. The API Keys table displays:
  • Name: The descriptive name you gave the key
  • Key: The redacted token value
  • Created: When the key was created
  • Last Used: When the key was last used (or “Never”)
  • Status: A badge showing whether the key is Active (green) or Revoked (red)

Revoking Tokens

To revoke a token:
  1. Go to Admin > Settings > API Keys
  2. Find the token you want to revoke
  3. Click the actions menu (⋮) next to the token
  4. Select “Revoke API Key”
  5. Confirm the revocation
Revoking a token immediately invalidates it. Any services using that token will lose access.
After revoking a key, it remains visible in the API Keys list with:
  • A Revoked status badge (red)
  • Reduced opacity to indicate it’s no longer active
  • No actions menu (revoked keys cannot be edited or re-revoked)
  • A tooltip on the status badge showing when it was revoked

Rate Limiting

API tokens are subject to rate limits based on your plan:
These are stand-in numbers and do not represent real API rate limits upon its release
  • Standard: 100 requests per minute
  • Premium: 300 requests per minute
See the Rate Limits for more details on rate limiting.

Testing Your Authentication

Use this simple test to verify your token is working: 
curl https://api.mn.co/admin/v1/networks/{network_id}/me \
  -H "Authorization: Bearer YOUR_API_TOKEN"
Expected Response: 
{
  "id": "12345",
  "name": "John Doe",
  "email": "[email protected]",
  "network_id": "67890",
  "role": "admin",
  "created_at": "2024-01-15T10:30:00Z"
}

Troubleshooting

”Invalid API token” Error

Problem: Getting 401 unauthorized errors Solutions:
  • Verify the token is copied correctly (no extra spaces or characters)
  • Check that the token hasn’t been revoked
  • Ensure you’re using the correct Authorization: Bearer format
  • Verify the token has not expired

”Forbidden” Error

Problem: Getting 403 forbidden errors Solutions:
  • Check that your token has the required permissions/scopes
  • Verify you have admin access to the network
  • Ensure you’re using the correct network ID

Token Not Working After Creation

Problem: Newly created token returns errors Solutions:
  • Wait a few seconds - tokens may take a moment to propagate
  • Verify you’re using the full token string
  • Check that you copied the token immediately after creation

Next Steps

Quickstart Guide

Make your first authenticated API call.

API Reference

Explore available API endpoints.