Skip to main content
Every request authenticates with an API key passed as a bearer token, plus a header naming the team to act on.
Authorization: Bearer mel_...
x-team-id: <your team id>

Create an API key

In the Melius app, go to Team settings → Integrations and create a key. Each key:
  • Is shown once at creation — copy it before closing the dialog.
  • Can be given an expiry, or set to never expire.
  • Can be revoked at any time from the same page — revocation takes effect immediately.
Treat an API key like a password. Don’t commit it to source control or expose it in client-side code. Set it from an environment variable or a secrets manager.

Find your team id

x-team-id selects which team a request acts on. List your teams — note that /teams returns your memberships, so the team id is under .team.id:
curl -s -H "Authorization: Bearer mel_..." https://api.melius.com/api/v1/teams \
  | jq '.[] | {teamId: .team.id, name: .team.name, plan: .team.plan, role}'
If you omit x-team-id, requests default to the team the key was created in.

How keys are scoped

An API key acts on behalf of the user who created it. That has three consequences worth understanding:
  • It spans that user’s teams. A key can act on any team its creator is a member of by passing that team’s x-team-id — not just the team it was created in. It can never reach a team its creator doesn’t belong to.
  • It’s capped at the creator’s role in each team. Permissions follow the user’s role in the team being acted on, exactly like the app — the key never grants more than that role. Owner/admin-only actions (managing members, billing, team settings) require that role in the acted-on team; a viewer can only read. Selecting a different team with x-team-id never escalates access.
  • It follows the creator’s membership. If the creating user leaves a team, the key loses access to that team.
For a long-lived production integration, create the key from an account that will remain a member of the team — a dedicated service account rather than a personal login.

Errors

StatusMeaning
401Missing, invalid, expired, or revoked API key.
403The key’s user isn’t a member of the requested x-team-id, or their role there doesn’t permit the action.
429Monthly request limit reached — retry after the Retry-After header.
400Invalid request — including not enough credits to run a generation.

Next steps

Quickstart

Run your first generation end to end.

API overview

The base URL, the async job model, and how generations work.
Last modified on July 1, 2026