Authentication

Learn how to authenticate your API requests securely.

The Melon API uses API keys to authenticate requests. You can view and manage your API keys in the Developers section of your dashboard.

Providing the API Key

You must include your API key in the Authorization HTTP header for all requests to the Melon API. The key should be passed as a Bearer Token.

Example Request

GET /api/v1/customers HTTP/1.1
Host: api.melon.ng
Authorization: Bearer mk_test_1234567890abcdef

fetch('https://api.melon.ng/api/v1/customers', {
  headers: {
    'Authorization': 'Bearer mk_test_1234567890abcdef',
    'Content-Type': 'application/json'
  }
})
.then(response => response.json())
.then(data => console.log(data));

Security Best Practices

Caution: Your API keys carry many privileges. Always treat them with the same care as passwords.

  1. Keep Keys Private: Do not share your API keys in publicly accessible areas such as GitHub, client-side code, or mobile applications.
  2. Server-Side Only: Make all requests to the Melon API from a secure backend server.
  3. Key Rotation: If you suspect a key has been compromised, immediately revoke it and generate a new one from your dashboard.
  4. Use Scopes: When generating API keys, apply the principle of least privilege by selecting only the scopes required for your application (e.g., kyc:read or kyc:write).

Unauthorized Requests

If you fail to provide a valid API key, or if the API key provided does not have the necessary scopes to perform an action, the API will return an HTTP 401 Unauthorized or 403 Forbidden response.

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing or invalid API key"
  }
}
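The practices and the 401/403 handling above, as an added server-side Node.js example that is not Melon's own code: the key is read from an environment variable instead of being hard-coded, and authentication failures are mapped to an action for the operator. The variable name MELON_API_KEY and the function names are assumptions, and the split between 401 and 403 follows standard HTTP semantics rather than anything this page states.

```javascript
// Added example, not Melon's code. Endpoint and error shape are from the page;
// MELON_API_KEY and all function names are hypothetical.
const MELON_URL = 'https://api.melon.ng/api/v1/customers';

// Build the Authorization header from the environment so the key never
// lives in source control or in code shipped to a browser or mobile app.
function buildAuthHeaders(env = process.env) {
  const key = (env.MELON_API_KEY || '').trim();
  if (!key) throw new Error('MELON_API_KEY is not set');
  // Whitespace or control characters inside the key would corrupt the header line.
  if (/[\s\x00-\x1f\x7f]/.test(key)) {
    throw new Error('MELON_API_KEY contains invalid characters');
  }
  return { Authorization: `Bearer ${key}` };
}

// Map an auth failure to an action. Assumption (standard HTTP semantics):
// 401 = key missing or invalid, 403 = key valid but lacking a required scope.
// Neither case is retryable with the same key.
function classifyAuthFailure(status, body) {
  const code = body?.error?.code ?? 'UNKNOWN';
  const message = body?.error?.message ?? '';
  if (status === 401) return { action: 'check-or-rotate-key', code, message };
  if (status === 403) return { action: 'review-key-scopes', code, message };
  return null;
}

// fetchImpl is injectable so the call can be exercised without network access.
async function listCustomers(fetchImpl = fetch, env = process.env) {
  const res = await fetchImpl(MELON_URL, { headers: buildAuthHeaders(env) });
  const body = await res.json().catch(() => null);
  const failure = classifyAuthFailure(res.status, body);
  if (failure) {
    // The error carries the status and API error code only, never the key.
    const err = new Error(
      `Melon auth failure (${res.status} ${failure.code}): ${failure.action}`
    );
    err.failure = failure;
    throw err;
  }
  if (!res.ok) throw new Error(`Melon API error: HTTP ${res.status}`);
  return body;
}
```

Set the variable in the backend's secret store or process environment and call `listCustomers()` from server code only.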
