Skip to main content
Use your MKA1 API key in the Authorization header on every request. For multi-user server-side integrations, also send X-On-Behalf-Of to identify the end user.

Send your API key

Pass your API key as a bearer token. 
Authorization: Bearer <mka1-api-key>
Use https://apigw.mka1.com as the base URL. 
curl https://apigw.mka1.com/api/v1/llm/responses \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer <mka1-api-key>' \
  --data '{
    "model": "meetkai:functionary-urdu-mini-pak",
    "input": "Write a short welcome message."
  }'
If your API key is missing, invalid, or does not have access to the requested resource, the MKA1 API returns an authentication or authorization error.

Send X-On-Behalf-Of for an end user

Use X-On-Behalf-Of when your server is making a request for one of your end users. Set the header value to your own stable end user identifier. 
X-On-Behalf-Of: <end-user-id>
For example, if your app stores users as user_123, use that value consistently in requests made for that user. 
curl https://apigw.mka1.com/api/v1/llm/responses \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer <mka1-api-key>' \
  --header 'X-On-Behalf-Of: user_123' \
  --data '{
    "model": "meetkai:functionary-urdu-mini-pak",
    "input": "Summarize this support ticket."
  }'
If your integration does not act for a specific end user, omit X-On-Behalf-Of.

Choose the right pattern

Use only Authorization when:
  • You are calling the MKA1 API for your own backend workflow.
  • The request is not tied to a specific end user.
Use both Authorization and X-On-Behalf-Of when:
  • Your server is acting for one of your end users.
  • You want requests, responses, files, or usage to stay associated with that end user.
Do not send an email address or mutable display name unless that is already your stable end user identifier. Use an ID from your own system that does not change.

Exchange an API key for a JWT

Use POST /api/v1/authentication/api-key/exchange-token when you need a short-lived JWT for a downstream service. Send your MKA1 API key in Authorization. Then pass a JSON body with:
  • audience: The service URL that should accept the token.
  • externalUserId: Your end user ID for the JWT subject.
  • expiresIn: Optional token lifetime in seconds. The OpenAPI spec allows 300 to 2592000.
  • permissions: Optional subset of API key permissions to embed in the token.
curl https://apigw.mka1.com/api/v1/authentication/api-key/exchange-token \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer <mka1-api-key>' \
  --data '{
    "audience": "https://my-awesome-website.com",
    "externalUserId": "user_123",
    "expiresIn": 3600,
    "permissions": [
      "agent:create",
      "agent:read"
    ]
  }'
A successful response returns a JSON object with token.

Next steps

Review the API overview for the base URL and the live OpenAPI spec. Then use the API Reference tab to inspect request and response details for the endpoints you call.