API Communication
All API requests must originate from your application's backend server. Direct client-side calls are not permitted for security reasons.
Each request must include the appropriate headers as described below. You can find this information also in our API documentation of each endpoint.
API Host
Throughout this documentation, MEWE_HOST is used as a placeholder for the API base URL. Replace this placeholder with the appropriate host for your target environment.
| Environment | Host |
|---|---|
| Production | https://mewe.com |
| Current | Loading... |
Headers
All API requests must include specific headers for authentication and identification. Your credentials are available in the Developer Portal.
| Header | Description | Required |
|---|---|---|
X-App-Id | Your unique application identifier | All requests |
X-Api-Key | Your application's secret API key | Authorization requests |
Authorization | Bearer token: Bearer <apiToken> | Authenticated requests |
Header Details
X-App-Id — Include this header in every API request to identify your application.
X-Api-Key — Required only when requesting the loginRequestToken and apiToken during the authentication flow.
Authorization — After obtaining an apiToken through authentication, include it as a Bearer token for all subsequent API requests.
Keep your API_KEY and API_TOKEN confidential. Never expose it in client-side code or public repositories.