All API requests require authentication via Bearer token in the Authorization header.
Bearer Token Authentication
Every request to the Melonly API must include a valid Bearer token in the Authorization header:
Authorization: Bearer your_api_token_here
Token Security: API tokens provide full access to your server data. Store them securely and never expose them in client-side code or version control.
cURL
JavaScript
Python
Go
curl -H "Authorization: Bearer your_api_token_here" \
https://api.melonly.xyz/api/v1/server/info
Token Context
When using your server token, there’s no need to include server IDs in request paths. The API automatically infers server context from your token.
GET /api/v1/server/logs
Authorization: Bearer your_server_token
/server/* automatically operate within your token’s server scope.
Rate Limiting
Rate limits are enforced per server token for premium users. Review the rate limiting documentation for specific limits and best practices.
Authentication Errors
Common authentication error responses:
401 Unauthorized - Missing Token
Response:{
"error": "authorization header is required"
}
Authorization header provided in the request. 401 Unauthorized - Invalid Token
Response:{
"error": "invalid or expired token"
}
- Token has expired
- Token was revoked or deleted
- Malformed token string
- Token doesn’t exist
403 Forbidden - Insufficient Permissions
Response:{
"error": "insufficient permissions for this operation"
}
Token Management
Environment Variables: Store your API tokens in environment variables rather than hardcoding them in your application source code.
