Skip to main content

Overview

The Musique Partner API uses token-based authentication. All requests must include an X-API-Key header with a valid API token.

Generate Token

Create a new API authentication token for Partner API access.

Endpoint

POST /api/integration/auth

Request Body

externalId
string
required
Your internal identifier for this integration (e.g., “loja1”, “store_001”)
companyToken
string
required
Company token provided by Musique during onboarding

Request Example

curl -X POST https://api.musique.app/api/integration/auth \
  -H "Content-Type: application/json" \
  -d '{
    "externalId": "store_001",
    "companyToken": "comp_abc123xyz"
  }'

Response

token
string
Your API authentication token. Store this securely.
expires_at
string | null
Token expiration timestamp. null means the token doesn’t expire.
{
  "token": "msk_live_1234567890abcdef",
  "expires_at": null
}
  • Store your token securely (environment variables, secret management)
  • Never expose tokens in client-side code or public repositories
  • Revoke and regenerate tokens if compromised

Test Token

Verify that your API token is valid and has the required permissions.

Endpoint

POST /api/integration/test

Headers

X-API-Key
string
required
Your API authentication token

Request Example

curl -X POST https://api.musique.app/api/integration/test \
  -H "X-API-Key: msk_live_1234567890abcdef"

Response

valid
boolean
Whether the token is valid
externalId
string
The external ID associated with this token
userId
number
The Musique user ID mapped to your external ID
permissions
array
List of permissions granted to this token
{
  "valid": true,
  "externalId": "store_001",
  "userId": 4348,
  "permissions": [
    "audio.read",
    "audio.write",
    "audio.delete",
    "audio.send"
  ]
}
Use this endpoint during development to verify your token setup before making other API calls.

Revoke Token

Invalidate an API token immediately. Use this if a token is compromised or no longer needed.

Endpoint

DELETE /api/integration/auth

Headers

X-API-Key
string
required
The API token to revoke

Request Example

curl -X DELETE https://api.musique.app/api/integration/auth \
  -H "X-API-Key: msk_live_1234567890abcdef"

Response

revoked
boolean
Confirmation that the token was revoked
message
string
Success message
{
  "revoked": true,
  "message": "API token successfully revoked"
}
After revoking a token, you’ll need to generate a new one to continue using the API. Update your applications with the new token.

Token Security Best Practices

DO:
  • Use environment variables (process.env.MUSIQUE_API_KEY)
  • Store in secret management systems (AWS Secrets Manager, HashiCorp Vault)
  • Encrypt tokens at rest in databases
DON’T:
  • Hardcode in source code
  • Commit to version control (check .gitignore)
  • Expose in client-side JavaScript
  • Share via unsecure channels (email, chat)
  • Generate new tokens periodically (e.g., every 90 days)
  • Revoke old tokens after migrating to new ones
  • Maintain audit logs of token generation/revocation
  • Have a process for emergency token rotation
  • Track which tokens are making requests
  • Set up alerts for unusual activity patterns
  • Review API logs regularly
  • Use different tokens for different environments (dev, staging, production)
  • Use separate tokens for different integrations
  • Request minimum necessary permissions
  • Implement the principle of least privilege
  • Revoke unused tokens immediately

Common Issues

Possible causes:
  • Token was revoked
  • Incorrect header name (must be X-API-Key)
  • Token has whitespace or line breaks
  • Token is for wrong environment
Solution: Test your token using the /api/integration/test endpoint and verify the response.
Possible causes:
  • Invalid company token
  • External ID already in use
  • Account not set up for Partner API access
Solution: Contact [email protected] with your company information and external ID.
Possible causes:
  • Token doesn’t have required permissions
  • Account limitations
  • Feature not enabled for your plan
Solution: Check permissions via /api/integration/test and contact support to adjust.

Next Steps

Audio Endpoints

Learn how to upload, manage, and send audio files.

System Endpoints

Check system health, usage limits, and logs.