Authentication
How to authenticate with the MisarBlog API using API keys.
Authentication
All MisarBlog API requests require a Bearer token in the Authorization header.
Authorization: Bearer mbk_YOUR_API_KEY
Getting an API Key
- Sign in to your MisarBlog account at www.misar.blog
- Go to Dashboard → Settings → API Keys
- Click Create API Key, give it a name, and copy the key immediately — it's shown only once
Keys always start with mbk_.
Using Your Key
curl https://api.misar.io/blog/v1/me \
-H "Authorization: Bearer mbk_YOUR_KEY"
const res = await fetch("https://api.misar.io/blog/v1/me", {
headers: { Authorization: `Bearer ${process.env.MISARBLOG_API_KEY}` },
});
MCP Authentication
If you're connecting the MisarBlog MCP server, use the MCP connect flow instead of creating a key manually:
POST /api/v1/auth/mcp-connect
This endpoint is session-authenticated (cookie). It generates an mbk_ key, stores the hash in your profile, and delivers the raw key to your local MCP client via a localhost callback URL.
See the MCP Setup guide for the full flow.
Revoking Keys
Go to Dashboard → Settings → API Keys and click Revoke next to any key. Keys can also be revoked programmatically — see API Keys for details.
Security
- Store keys in environment variables — never commit them
- Each key is hashed before storage; the raw key is unrecoverable after creation
- Use separate keys per integration for easy rotation
Error Responses
| Status | Meaning |
|--------|---------|
| 401 Unauthorized | Missing or invalid API key |
| 403 Forbidden | Key lacks permission for the requested resource |
| 429 Too Many Requests | Rate limit exceeded — see rate limits |