Skip to main content
All API requests require authentication using an API key. Most endpoints also require a user context header.

Creating an API Key

1

Navigate to API Keys

Go to my.meetergo.com/admin/api-keys in your dashboard.
2

Create a new key

Click Create API Key and optionally give it a descriptive name (e.g., “Production Integration”).
3

Set expiration

Choose an expiration period between 1 and 90 days.
4

Copy your key

Copy the API key immediately—it won’t be shown again.
API keys are shown only once when created. Store them securely in a password manager or secrets vault. You cannot retrieve the key later.

API Key Format

Your API key follows this format: 
ak_live:<uuid>:<secret>
Example: 
ak_live:01234567-89ab-cdef-1234-567890abcdef:secretpart123
Use the full string as your Bearer token.

Required Headers

Every API request needs the Authorization header. Most endpoints also require the user context header:
HeaderRequiredDescription
AuthorizationYesBearer <your-api-key>
x-meetergo-api-user-idMost endpointsUUID of the user to act on behalf of
Content-TypeFor POST/PUT/PATCHapplication/json

Authorization Header

Include your API key in the Authorization header: 
Authorization: Bearer ak_live:01234567-89ab-cdef-1234-567890abcdef:secretpart123

User Context Header

The x-meetergo-api-user-id header specifies which user’s context to use for the request. This is required for all endpoints that operate on user-specific data. 
x-meetergo-api-user-id: 550e8400-e29b-41d4-a716-446655440000
Get your user ID by calling /v4/user/me with just the Authorization header, or use the userId returned when creating a new user.

Verification Request

Use this call to validate your API Key and retrieve your authenticated user information: 
curl -X GET "https://api.meetergo.com/v4/user/me" \
  -H "Authorization: Bearer ak_live:uuid:secret"
A successful response (200 OK) returns your full user object.

Complete Example

Request with all headers: 
curl -X GET "https://api.meetergo.com/v4/meeting-type" \
  -H "Authorization: Bearer ak_live:uuid:secret" \
  -H "x-meetergo-api-user-id: 550e8400-e29b-41d4-a716-446655440000"

Permissions

Only company owners and admins can create and manage API keys. API keys have full access to all resources within your company.

Key Lifecycle

Expiration

API keys expire after the period you set (1-90 days maximum). Plan to rotate keys before they expire:
  1. Create a new key before the old one expires
  2. Update your applications to use the new key
  3. The old key will automatically stop working after expiration
Keys have a mandatory expiration date (max 90 days). This is a security feature to ensure regular key rotation.

Deactivating Keys

You can temporarily deactivate a key without deleting it:
  1. Go to my.meetergo.com/admin/api-keys
  2. Find the key and click Deactivate
  3. Click Activate to re-enable it later

Revoking Keys

If you suspect a key has been compromised:
  1. Go to my.meetergo.com/admin/api-keys
  2. Find the compromised key
  3. Click Revoke to permanently delete it
  4. Create a new key and update your applications

Error Responses

Missing Authorization Header

{
  "statusCode": 401,
  "message": "Missing authorization header",
  "error": "Unauthorized"
}

Invalid API Key

{
  "statusCode": 401,
  "message": "Invalid API key",
  "error": "Unauthorized"
}

Expired API Key

{
  "statusCode": 401,
  "message": "API key has expired",
  "error": "Unauthorized"
}

Missing User Header

{
  "statusCode": 400,
  "message": "Missing required header 'x-meetergo-api-user-id' for API key authentication",
  "error": "Bad Request"
}

Invalid User

{
  "statusCode": 500,
  "message": "API user does not belong to company",
  "error": "Internal Server Error"
}

Security Best Practices

Never expose your API key in client-side code, public repositories, or logs.

Do

  • Store API keys in environment variables or a secrets manager
  • Use different keys for development and production
  • Rotate keys regularly (before the 90-day expiration)
  • Monitor API usage for unexpected activity

Don’t

  • Commit API keys to version control
  • Share keys via email, chat, or other insecure channels
  • Log API keys in application logs
  • Use the same key across multiple unrelated applications