All Monigo API requests are authenticated using an API key passed as a Bearer token in the Authorization header.
Authorization: Bearer mk_live_xxxxxxxxxxxxxxxxxxxx
API key types
| Prefix | Mode | Description |
|---|
mk_live_ | Live | Triggers real charges and payouts |
mk_test_ | Test | Isolated sandbox — no real money moved |
Never expose live API keys in client-side code, mobile apps, or public repositories.
Creating API keys
API keys are created per organisation in Dashboard → API Keys. You can create multiple keys with different names to track usage by service or environment.
Rotating keys
If a key is compromised, delete it immediately from the dashboard. Any in-flight requests using that key will be rejected. Create a new key and update your environment variables.
Test mode
When using a mk_test_ key:
- Events are ingested and metered normally
- Invoices are generated but not charged
- Payouts are queued but not submitted to the payment provider
- All data is isolated from your live environment
This makes test mode safe to use during development and CI/CD pipelines. 
