Skip to main content

API Keys

Miso uses API keys to authenticate requests. You can view and manage your API keys in the Dojo Dashboard. Each environment has its own set of keys: one secret key and one publishable key. Pass the appropriate key with every API request.

Environments

There are three environments in Miso:
  • Playground — A read-only tutorial environment pre-loaded with sample data. Use this to explore Miso’s APIs without affecting your own data.
  • Development — For staging, QA, and experimentation. Use this environment to test your integration before going live.
  • Production — Your live environment. Use this for all requests that serve real users.

Secret API Key

The secret API key grants full access to all Miso API endpoints, including data ingestion and engine queries. Keep this key private. Never expose it in client-side code or public repositories. If the key is compromised, revoke it in the Dojo Dashboard and generate a new one. You can pass the secret key in either of two ways: As a request header: 
X-API-KEY: YOUR_SECRET_KEY
As a query parameter: 
GET /v1/recommendation/user_to_products?api_key=YOUR_SECRET_KEY

Publishable API Key

The publishable API key is intended for use in front-end code (e.g., browser JavaScript). It can be used to stream interactions from the browser or to retrieve read-only search and recommendation results for a given user. Pass the publishable key as a query parameter: 
POST /v1/interactions?api_key=YOUR_PUBLISHABLE_KEY
Important: When using the publishable API key, the user_id field in your requests must be hashed to maintain security compliance.