Every endpoint in this reference accepts two credential types in the same Authorization header. Which one you use determines who the API treats you as:
| Credential | Token format | Acts as | Plan |
| --- | --- | --- | --- |
| Personal Access Token (PAT) | rgo-... | The token owner, with the owner’s role and permissions | Essentials and above |
| Platform API Key | ak_live:<uuid>:<secret> | Any user in your company, chosen per request via the x-meetergo-api-user-id header | Enterprise / API Platform |
See Authentication concepts for how the two credentials differ, and Using a Personal Access Token for the PAT guide.

Personal Access Token

Create one at my.meetergo.com/integrations (API card). A PAT behaves exactly like the user who created it: a regular member’s PAT reaches that member’s resources, while an admin’s PAT can read and manage workspace-wide resources, such as listing users or retrieving appointments across the workspace.
curl -X GET "https://api.meetergo.com/v4/meeting-type" \
  -H "Authorization: Bearer rgo-your-token"
Do not send x-meetergo-api-user-id with a PAT. PATs always act as the token owner; if the header names another user, the request is rejected with 403. User management endpoints (create, update, delete users) are not available to PATs.

Platform API Key

Create one at my.meetergo.com/admin/api-keys (Settings → API). Only company owners and admins can create and manage API keys.
  1. Navigate to API Keys. Go to my.meetergo.com/admin/api-keys in your dashboard.
  2. Create a new key. Click Create API Key and optionally give it a descriptive name (e.g., “Production Integration”).
  3. Set expiration. Choose an expiration period between 1 and 90 days.
  4. Copy your key. Copy the API key immediately; it won’t be shown again.
Credentials are shown only once when created. Store them securely in a password manager or secrets vault. You cannot retrieve them later.

User context header

An API key is owned by your company, not by a user, so most endpoints need to know which user to act as. Pass that user’s ID in the x-meetergo-api-user-id header:
x-meetergo-api-user-id: 550e8400-e29b-41d4-a716-446655440000
The user must belong to your company. Endpoints marked accordingly (e.g. POST /v4/user, GET /v4/user/me) work without the header and then act as the company owner.
Get a user’s ID from GET /v4/user (list users), from the userId returned when creating a user, or from GET /v4/user/me.

Required headers

| Header | Required | Description |
| --- | --- | --- |
| Authorization | Always | Bearer <your-credential> (PAT or API key) |
| x-meetergo-api-user-id | API key: most endpoints. PAT: never | UUID of the user to act on behalf of |
| Content-Type | For POST/PUT/PATCH | application/json |

Verification request

Use this call to validate your credential and see who you are authenticated as:
curl -X GET "https://api.meetergo.com/v4/user/me" \
  -H "Authorization: Bearer <your-credential>"
A successful response (200 OK) returns the full user object: the token owner for a PAT, or the company owner for an API key without a user context header.

Complete example

Request with all headers (Platform API Key):
curl -X GET "https://api.meetergo.com/v4/meeting-type" \
  -H "Authorization: Bearer ak_live:uuid:secret" \
  -H "x-meetergo-api-user-id: 550e8400-e29b-41d4-a716-446655440000"
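
The header rules above can be enforced on the client before a request is sent. The following is an added example, not meetergo's own code: the function names and the MEETERGO_CREDENTIAL environment variable are assumptions, and the credential is classified only by the two token formats listed in the table at the top of this page.

```python
import os
import uuid
from typing import Optional

USER_HEADER = "x-meetergo-api-user-id"
ENV_VAR = "MEETERGO_CREDENTIAL"  # assumed variable name, not defined by the API


def credential_kind(credential: str) -> str:
    """Classify by token format: rgo-... (PAT) or ak_live:<uuid>:<secret> (API key)."""
    if credential.startswith("rgo-") and len(credential) > 4:
        return "pat"
    parts = credential.split(":")
    if len(parts) == 3 and parts[0] == "ak_live" and parts[1] and parts[2]:
        return "api_key"
    raise ValueError("credential matches neither documented token format")


def redact(credential: str) -> str:
    """Log-safe label that keeps only the type prefix, never key material."""
    return "rgo-***" if credential_kind(credential) == "pat" else "ak_live:***"


def build_headers(credential: str, act_as: Optional[str] = None,
                  has_body: bool = False) -> dict:
    """Build request headers, rejecting combinations the API would refuse."""
    kind = credential_kind(credential)
    headers = {"Authorization": f"Bearer {credential}"}
    if act_as is not None:
        if kind == "pat":
            # The API answers 403 here; fail before the request leaves the host.
            raise ValueError(f"{USER_HEADER} must not be sent with a PAT")
        # uuid.UUID raises ValueError on anything that is not a UUID.
        headers[USER_HEADER] = str(uuid.UUID(act_as))
    if has_body:  # POST/PUT/PATCH
        headers["Content-Type"] = "application/json"
    return headers


def load_credential(env=os.environ) -> str:
    """Read the credential from the environment instead of source code."""
    credential = env.get(ENV_VAR, "").strip()
    credential_kind(credential)  # validate early; the error text holds no secret
    return credential
```

Log redact(credential), never the headers dictionary, since the Authorization value contains the full secret.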

Key lifecycle

Expiration

API keys expire after the period you set (between 1 and 90 days). PATs can optionally be given an expiration date. Plan to rotate credentials before they expire:
  1. Create a new credential before the old one expires
  2. Update your applications to use the new credential
  3. The old credential will automatically stop working after expiration

Deactivating and revoking

If you suspect a credential has been compromised, revoke it, create a new one, and update your applications.

Error responses

Missing Authorization header

{
  "statusCode": 401,
  "message": "Missing authorization header",
  "error": "Unauthorized"
}

Invalid API key

{
  "statusCode": 401,
  "message": "Invalid API key",
  "error": "Unauthorized"
}

Expired API key

{
  "statusCode": 401,
  "message": "API key has expired",
  "error": "Unauthorized"
}

PAT with impersonation header

{
  "statusCode": 403,
  "message": "The 'x-meetergo-api-user-id' header requires a Platform API Key. Personal Access Tokens always act as the token owner and cannot act on behalf of other users.",
  "error": "Forbidden"
}

Missing user header (API key)

{
  "statusCode": 400,
  "message": "Missing required header 'x-meetergo-api-user-id' for API key authentication",
  "error": "Bad Request"
}

Acting user not in your company (API key)

{
  "statusCode": 500,
  "message": "API user does not belong to company",
  "error": "Internal Server Error"
}
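
A client's retry logic has to tell these responses apart, in particular the 500 above, which repeats for as long as the same user ID is sent. The following is an added example, not meetergo's own code: classify, call and the exception names are hypothetical, send stands for any function that performs one request and returns (status, body), and treating other 5xx responses as retryable is an assumption.

```python
import json
import time


class CredentialExpired(Exception):
    """401 'API key has expired': rotate the key, do not retry."""


class RequestRejected(Exception):
    """Permanent failure: fix the credential, header or user ID."""


def classify(status: int, body: str) -> tuple:
    """Map a response to ('ok' | 'rotate' | 'fix' | 'retry', message)."""
    try:
        doc = json.loads(body)
        message = doc.get("message", "") if isinstance(doc, dict) else ""
    except ValueError:
        message = ""
    if 200 <= status < 300:
        return "ok", message
    if status == 401 and message == "API key has expired":
        return "rotate", message
    # Reported as 500, but the same user ID fails every time.
    if status == 500 and message == "API user does not belong to company":
        return "fix", message
    if status >= 500:
        return "retry", message
    return "fix", message  # remaining 400/401/403 cases on this page


def call(send, attempts: int = 3, sleep=time.sleep) -> str:
    """Run send() -> (status, body), retrying only transient failures."""
    for attempt in range(attempts):
        status, body = send()
        verdict, message = classify(status, body)
        if verdict == "ok":
            return body
        if verdict == "rotate":
            raise CredentialExpired(message)
        if verdict == "fix":
            raise RequestRejected(f"{status}: {message}")
        sleep(2 ** attempt)  # simple exponential backoff between retries
    raise RuntimeError(f"still failing after {attempts} attempts")
```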

Security best practices

Never expose your credentials in client-side code, public repositories, or logs.

Do

  • Store credentials in environment variables or a secrets manager
  • Use different keys for development and production
  • Rotate credentials regularly (before expiration)
  • Monitor API usage for unexpected activity

Don’t

  • Commit credentials to version control
  • Share credentials via email, chat, or other insecure channels
  • Log credentials in application logs
  • Use the same credential across multiple unrelated applications