All API requests require authentication via Bearer token in the Authorization header.

Bearer Token Authentication

Every request to the Melonly API must include a valid Bearer token in the Authorization header: 
Authorization: Bearer your_api_token_here
Tokens are server-scoped and inherit the permissions of the user who created them.
Token Security: API tokens provide full access to your server data. Store them securely and never expose them in client-side code or version control.

Request Format

curl -H "Authorization: Bearer your_api_token_here" \
  https://api.melonly.xyz/api/v1/server/info

Token Context

When using your server token, there’s no need to include server IDs in request paths. The API automatically infers server context from your token. 
GET /api/v1/server/logs
Authorization: Bearer your_server_token
All endpoints under /server/* automatically operate within your token’s server scope.

Rate Limiting

Rate limits are enforced per server token for premium users. Review the rate limiting documentation for specific limits and best practices.
Authentication failures and rate limit violations are tracked separately. Multiple authentication failures may result in temporary token suspension.

Authentication Errors

Common authentication error responses:

Token Management

Generate Token

Create your first API token through the server dashboard

Security Best Practices

Token rotation, storage, and security recommendations
Environment Variables: Store your API tokens in environment variables rather than hardcoding them in your application source code.