Authentication
Use a public API key with either Authorization or X-API-Key headers.
Authentication
Send the public API key with either of these headers:
Authorization: Bearer mgapi_live_...X-API-Key: mgapi_live_...
Inspect the authenticated key
Use GET /v1/me to confirm the key scopes and resolved tenant configuration.
cURL
curl -X GET "https://api.mortgageguidelines.com/v1/me" \
-H "Authorization: Bearer mgapi_live_your_key_here"TypeScript fetch
const response = await fetch("https://api.mortgageguidelines.com/v1/me", {
headers: {
Authorization: "Bearer mgapi_live_your_key_here",
},
});
const data = await response.json();Header guidance
- Use
Authorizationwhen your HTTP client already supports bearer auth helpers. - Use
X-API-Keywhen you want to avoid bearer-specific middleware. - Do not send both unless your middleware stack requires it.