API Keys
MeshAI uses Bearer token authentication. All API keys start with msh_.
curl https://api.meshai.dev/agents \
  -H "Authorization: Bearer msh_YOUR_API_KEY"
Key Types
| Type | Prefix | Permissions |
|---|---|---|
| Admin | msh_ | Full access — manage agents, policies, billing, users |
| Proxy | msh_ | Forward LLM requests through the proxy; read-only agent data |
| Read-only | msh_ | Read agents, cost, anomalies; no write operations |
Scopes
Admin keys can be scoped to limit permissions:
| Scope | Allows |
|---|---|
| agents:read | List and get agents |
| agents:write | Register, update, delete agents |
| telemetry:write | Send heartbeats and usage data |
| cost:read | Query cost endpoints |
| anomalies:read | List and get anomalies |
| anomalies:write | Acknowledge, resolve anomalies |
| governance:read | List policies, approvals, audit events |
| governance:write | Create policies, decide approvals, classify risk |
| compliance:read | Get readiness score, FRIA, transparency cards |
| compliance:write | Create FRIA, report incidents |
| billing:read | Get billing info |
| billing:write | Change plan, manage checkout |
| platform:admin | Tenant management (platform admins only) |
Create an API Key
Via Dashboard
Go to app.meshai.dev/settings/api-keys and click “Create API Key”. Select the scopes you need.
Via API
curl -X POST https://api.meshai.dev/auth/api-keys \
  -H "Authorization: Bearer msh_YOUR_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "label": "ci-pipeline-key",
    "scopes": ["agents:read", "agents:write", "telemetry:write"],
    "expires_in_days": 90
  }'

{
  "success": true,
  "data": {
    "id": "key_abc123",
    "key": "msh_live_abc123def456",
    "label": "ci-pipeline-key",
    "scopes": ["agents:read", "agents:write", "telemetry:write"],
    "expires_at": "2026-06-15T10:00:00Z",
    "created_at": "2026-03-17T10:00:00Z"
  }
}
The API key is shown once at creation time. Store it securely — you cannot retrieve it later.
Signup
Create a new MeshAI account:
curl -X POST https://api.meshai.dev/auth/signup \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@company.com",
    "password": "secure-password",
    "company_name": "Acme Corp"
  }'

{
  "success": true,
  "data": {
    "tenant_id": "tnt_abc123",
    "user_id": "usr_def456",
    "api_key": "msh_live_abc123def456",
    "message": "Account created. Check your email to verify."
  }
}
Login
Get a session token for dashboard access, or to exchange for an API key:
curl -X POST https://api.meshai.dev/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@company.com",
    "password": "secure-password"
  }'

{
  "success": true,
  "data": {
    "access_token": "eyJhbGciOi...",
    "token_type": "bearer",
    "expires_in": 3600,
    "tenant_id": "tnt_abc123"
  }
}
Key Rotation
Rotate keys without downtime by creating a new key before deleting the old one:
Create a new key
Create a new API key with the same scopes.
Update your agents
Deploy the new key to all agents and services.
Delete the old key
Once all agents are using the new key, delete the old one:
curl -X DELETE https://api.meshai.dev/auth/api-keys/key_old123 \
  -H "Authorization: Bearer msh_YOUR_ADMIN_KEY"
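To decide when to start the rotation above, and whether the replacement key should carry the same scopes, you can audit the metadata returned when each key was created. The following is an added example, not MeshAI code: it assumes you keep your own inventory of creation responses with the secret `key` field removed, and the `key_old123` record, the 14-day lead time and the `NEEDED` scope map are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the "data" object from the creation response on this
# page, plus one hypothetical older key record added for contrast.
RESPONSES = json.loads("""[
  {"id": "key_abc123", "key": "msh_live_abc123def456", "label": "ci-pipeline-key",
   "scopes": ["agents:read", "agents:write", "telemetry:write"],
   "expires_at": "2026-06-15T10:00:00Z"},
  {"id": "key_old123", "key": "msh_live_constructed000", "label": "ci-pipeline-key",
   "scopes": ["agents:read", "agents:write", "telemetry:write", "billing:write"],
   "expires_at": "2026-03-20T10:00:00Z"}
]""")

def to_inventory(record):
    """Keep metadata only; the key itself belongs in a secret store."""
    return {k: v for k, v in record.items() if k != "key"}

def days_left(record, now):
    """Days until expires_at (negative once the key has expired)."""
    expires = datetime.fromisoformat(record["expires_at"].replace("Z", "+00:00"))
    return (expires - now) / timedelta(days=1)

def audit(inventory, needed, now, lead_days=14):
    """Return (id, finding) pairs: keys to rotate soon and scopes to drop."""
    findings = []
    for rec in inventory:
        left = days_left(rec, now)
        if left < 0:
            findings.append((rec["id"], "expired"))
        elif left <= lead_days:
            findings.append((rec["id"], f"rotate: {left:.0f} days left"))
        # Scopes granted beyond what this label's workload needs.
        extra = sorted(set(rec["scopes"]) - needed.get(rec["label"], set()))
        if extra:
            findings.append((rec["id"], "excess scopes: " + ", ".join(extra)))
    return findings

INVENTORY = [to_inventory(r) for r in RESPONSES]
# Assumption: the CI pipeline needs exactly the scopes requested on this page.
NEEDED = {"ci-pipeline-key": {"agents:read", "agents:write", "telemetry:write"}}
NOW = datetime(2026, 3, 17, 10, 0, tzinfo=timezone.utc)  # created_at on this page

if __name__ == "__main__":
    for key_id, finding in audit(INVENTORY, NEEDED, NOW):
        print(key_id, finding)
```

A key flagged for excess scopes is a reason to create the replacement with a narrower scope list rather than copying the old one.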