API Authentication

Authentication requirements for Intended runtime and administration APIs.

beginner1 min readimplemented

API Authentication#

Intended APIs are fail-closed and require explicit authentication context.

Required headers#

Authorization: Bearer <api-key-or-session-token>
x-tenant-id: <tenant-id> for tenant-scoped routes where required

API keys#

Production keys use the mrt_live_ prefix.
Non-production keys use the mrt_test_ prefix.
Restrict key scope to the minimum permissions required.

Session-backed routes#

Some control-plane routes rely on authenticated session context and role checks. When using these routes from a browser or trusted server, ensure the current user has the required role and permissions.

Example#

bash

curl -X POST https://api.intended.so/intent \
  -H "Authorization: Bearer mrt_live_abc123" \
  -H "x-tenant-id: tenant_acme_prod" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

API Authentication#

Required headers#

API keys#

Session-backed routes#

Example#

See also#