Authentication
This guide explains how to authenticate with MOUNTAIN's Public API to securely access services and integrate functionality into your applications.
Authentication Overview
MOUNTAIN uses a dual-token authentication system:
- Public API Access Token - Identifies and authenticates your user account
- Project API Key - Identifies the specific project you're working with
Authentication Flow
Required Headers
All API requests must include the following headers:
Authorization: Bearer YOUR_PUBLIC_API_ACCESS_TOKEN
x-project-api-key: YOUR_PROJECT_API_KEY
Content-Type: application/json
Getting Your Credentials
1. Public API Access Token
Your Public API Access Token is provided when your account is set up. This token:
- Authenticates your user identity
- Grants access to the Public API with specific roles
- Should be kept secure and never shared
User Roles
Your access token includes specific roles that determine your permissions:
- admin: Full access to all operations
- editor: Read and modify permissions
- reader: Read-only access
- tx-sender: Blockchain transaction execution permissions
Security
Keep your Public API Access Token secure. If compromised, contact support immediately to revoke and regenerate it.
2. Project API Key
Your Project API Key identifies the specific project you're working with:
- Each project has a unique API key
- Provided during project setup
- Used to scope API operations to your project
Error Handling
Common Authentication Errors
- 401 Unauthorized: Invalid or missing access token
- 403 Forbidden: Valid token but insufficient permissions
- 400 Bad Request: Missing or invalid project API key
Response Example
{
  "error": "Unauthorized",
  "message": "Access token is missing, invalid, or expired",
  "statusCode": 401
}
Security Considerations
Best Practices
- Store credentials securely - Use environment variables or secure credential storage
- Use HTTPS only - Never send credentials over unencrypted connections
- Rotate tokens regularly - Request new tokens periodically for enhanced security
- Monitor for breaches - Watch for unexpected API usage that might indicate compromised credentials
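The following Python example is added here and is not MOUNTAIN's own code. It builds the three required headers from environment variables, refuses to attach credentials to a non-HTTPS URL, masks credential headers before logging, and maps the documented error codes to their causes. The environment variable names and the function names are assumptions; the page does not define them.

```python
import json
import os
from urllib.parse import urlsplit
from urllib.request import Request

# Status codes and causes exactly as this page lists them.
AUTH_ERRORS = {
    401: "Invalid or missing access token",
    403: "Valid token but insufficient permissions",
    400: "Missing or invalid project API key",
}
SECRET_HEADERS = {"authorization", "x-project-api-key"}


def build_request(url, env=os.environ, body=None):
    """Build (but do not send) a request carrying the three required headers."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to attach credentials to a non-HTTPS URL")
    # Assumed variable names; the page only says to use environment variables.
    token = env.get("MOUNTAIN_ACCESS_TOKEN", "").strip()
    key = env.get("MOUNTAIN_PROJECT_API_KEY", "").strip()
    if not token or not key:
        raise RuntimeError("both the access token and the project API key must be set")
    data = json.dumps(body).encode() if body is not None else None
    return Request(url, data=data, headers={
        "Authorization": f"Bearer {token}",
        "x-project-api-key": key,
        "Content-Type": "application/json",
    })


def redact(headers):
    """Copy of the headers that is safe to log: credential values are masked."""
    return {k: "<redacted>" if k.lower() in SECRET_HEADERS else v
            for k, v in headers.items()}


def explain_auth_error(status, raw_body):
    """Map an error response to the cause listed on this page, plus the server message."""
    cause = AUTH_ERRORS.get(status)
    if cause is None:
        return None  # not one of the documented authentication errors
    try:
        message = json.loads(raw_body).get("message", "")
    except (ValueError, TypeError, AttributeError):
        message = ""  # body was not the JSON object shown in the response example
    return f"{status}: {cause}" + (f" ({message})" if message else "")
```

Log `redact(dict(request.header_items()))` rather than the raw headers, so that neither the access token nor the project API key ends up in application logs.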
Role-Based Access Control
- Each API endpoint requires specific roles for access
- Your access token's roles determine which operations you can perform
- Role-based permissions ensure proper project access control
- Contact support if you need different role permissions
Next Steps
- Making Your First API Call - Learn how to make API calls
- API Operations - Learn about available API endpoints
- API Reference - Complete API documentation