Authentication
API keys
All API requests require a Bearer token. API keys are scoped to a single organization — they can only access that organization's emails.
Creating an API key
- Go to Organization Settings (
/org/edit) - Click the API Keys tab
- Enter a name for the key
- Optionally set an expiration (1–3650 days)
- Click Create
The key is shown once after creation — copy it immediately. It cannot be retrieved later.
Key format
API keys are prefixed with mo_ followed by a random string:
mo_abc123def456...Using the key
Include the key in the Authorization header:
bash
curl -H "Authorization: Bearer mo_your_api_key" \
https://mailoven.com/api/v1/emails?to=testRevoking a key
Go to Organization Settings → API Keys and click Delete next to the key you want to revoke. The key stops working immediately.
Error responses
| Status | Error | Meaning |
|---|---|---|
401 | Missing API key | No Authorization header provided |
401 | Invalid API key format | Header doesn't match Bearer <token> |
401 | Invalid API key | Key not found or has been deleted |
401 | API key expired | Key has passed its expiration date |
429 | API rate limit exceeded | You've hit the per-org rate limit |