Authentication
The Mira API uses API keys for authentication. Every request must include a valid key in the Authorization header.
Subscription Required
API keys and API access require an active Business or Enterprise subscription. Pay-as-you-go token purchases do not include API access.
API Keys
API keys are scoped to your organization and can be created by admin users. Each key has a set of permissions that control what operations it can perform.
Creating a Key
- Sign in to Mira as an admin or superadmin.
- Navigate to
Settings → API Keys. - Click Create API Key, enter a name (e.g. "Production", "CI/CD"), and create the key.
- Copy the full key immediately — it is only shown once and cannot be retrieved later.
Key Security
Treat your API key like a password. Never commit it to source control, expose it in client-side code, or share it in plain text. Use environment variables or a secrets manager.
Using Your API Key
Include the API key as a Bearer token in the Authorization header of every request.
Authorization: Bearer mira_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxExample Request
curl -X GET "https://your-domain.com/api/v1/meetings" \
-H "Authorization: Bearer mira_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json"Permissions
API keys can have one or more of the following permissions:
| Permission | Allows |
|---|---|
read | Read access to meetings, reports, templates, team stats, and insights |
write | Create, update, and delete templates. Start roleplay sessions. |
admin | Full access including administrative operations |
Key Format
All Mira API keys follow this format:
mira_live_<32-character-random-string>Keys always start with mira_live_. The prefix is displayed in the dashboard for identification, but the full key is only shown at creation time.
Revoking Keys
To revoke a key, go to Settings → API Keys and click Revoke next to the key. Revoked keys immediately stop working — any requests using a revoked key will receive a 401 Unauthorized response.
Key Rotation
We recommend rotating API keys periodically. Create a new key, update your integrations, then revoke the old key.