Overview
The MentionLab API uses API key authentication and context headers to secure and scope your API requests. Every request must include proper authentication credentials.Authentication Components
MentionLab requires three components for most API requests:API Key
Your API key that authenticates who you are.
Organisation ID
Identifies which organisation context to use.
Project ID
Specifies which project to operate on (when required).
Required Headers
| Header | Type | Required | Description |
|---|---|---|---|
x-api-key | string | Always | Your API key. Format: ml_live_... |
x-organisation-id | string | Always | UUID of your organisation |
x-project-id | string | Conditional | UUID of the project (required for project-scoped operations) |
Example Request
Here’s a complete example showing all required headers:When Each Header is Required
Organisation-Level Endpoints
These endpoints only requirex-api-key and x-organisation-id:
- All
/api/projects/*endpoints - …
Project-Level Endpoints
These endpoints require all three headers (x-api-key, x-organisation-id and x-project-id):
- All
/api/queries/*endpoints - All
/api/tags/*endpoints - All
/api/result-analysis/*endpoints - All
/api/cached-jobs/*endpoints - …
Security Best Practices
Store credentials securely
Store credentials securely
Never hardcode your API key in source code. Use environment variables or a secrets manager:
Use HTTPS only
Use HTTPS only
All API requests must use HTTPS. The API will reject any HTTP requests.