Authentication
Every API request must include your API key in the X-API-Key header.
curl https://medianest.app/api/v1/files \
-H "X-API-Key: mn_your_key_here"
API key format
All keys begin with mn_. Keys that do not match this prefix are rejected with 401.
Creating a key
- Sign in to MediaNest.
- Go to Settings → API Keys.
- Click Create key, give it a name, and choose its permissions.
- Copy the key immediately — it is shown only once.
Permissions
Each key is issued with one or more permission scopes:
| Scope | Allows |
|---|---|
read | List and fetch files and folders |
write | Upload files, create and update folders |
delete | Soft-delete files and folders |
admin | All of the above |
Requests that require a permission the key does not have return 403 FORBIDDEN.
Expiry
Keys can optionally be given an expiry date. An expired key returns 401 with the message API key has expired.
Revoking a key
Go to Settings → API Keys and click Revoke next to the key. Revoked keys return 401 with API key is deactivated.
Security
- Never commit an API key to source control.
- Use environment variables (
MN_API_KEY) to pass keys to your application. - Create separate keys for separate environments (development, staging, production).