POST /api/integration/auth
curl -X POST https://api.musique.app/api/integration/auth \
  -H "Content-Type: application/json" \
  -d '{
    "externalId": "store_001",
    "companyToken": "comp_abc123xyz"
  }'
{
  "token": "msk_live_1234567890abcdef",
  "expires_at": null
}
Create a new API authentication token for Partner API access.
Store your token securely. Tokens don’t expire by default, but can be revoked at any time.

Request

Body Parameters

externalId (string, required): Your internal identifier for this integration (e.g., “loja1”, “store_001”)
companyToken (string, required): Company token provided by Musique during onboarding

Response

token (string): Your API authentication token. Store this securely.
expires_at (string | null): Token expiration timestamp. null means the token doesn’t expire.

Security Best Practices

  • Store your token securely (environment variables, secret management)
  • Never expose tokens in client-side code or public repositories
  • Revoke and regenerate tokens if compromised
DO:
  • Use environment variables (process.env.MUSIQUE_API_KEY)
  • Store in secret management systems (AWS Secrets Manager, HashiCorp Vault)
  • Encrypt tokens at rest in databases
DON’T:
  • Hardcode in source code
  • Commit to version control (check .gitignore)
  • Expose in client-side JavaScript
Token rotation:
  • Generate new tokens periodically (e.g., every 90 days)
  • Revoke old tokens after migrating to new ones
  • Have a process for emergency token rotation
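
The practices above applied in Node.js, as an added example (not Musique's own code): credentials are read from the environment, the token is redacted before it reaches a log, and token age is tracked locally because expires_at is null by default. MUSIQUE_EXTERNAL_ID, MUSIQUE_COMPANY_TOKEN and the issuedAt field are assumed names; only MUSIQUE_API_KEY appears in these docs.

```javascript
// Added example. Env var names other than MUSIQUE_API_KEY are assumptions.
const AUTH_URL = "https://api.musique.app/api/integration/auth";
const ROTATE_AFTER_DAYS = 90; // rotation interval suggested in the docs

// Keep only enough of a secret to identify it in logs.
function redact(secret) {
  return secret.length > 12 ? `${secret.slice(0, 8)}...[redacted]` : "[redacted]";
}

// Request a token with credentials taken from the environment, never from source.
// fetchImpl is injectable so the call can be exercised without network access.
async function requestToken(env = process.env, fetchImpl = fetch) {
  const externalId = env.MUSIQUE_EXTERNAL_ID;
  const companyToken = env.MUSIQUE_COMPANY_TOKEN;
  if (!externalId || !companyToken) {
    throw new Error("MUSIQUE_EXTERNAL_ID and MUSIQUE_COMPANY_TOKEN must be set");
  }
  const res = await fetchImpl(AUTH_URL, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ externalId, companyToken }),
  });
  if (!res.ok) throw new Error(`auth request failed: HTTP ${res.status}`);
  const body = await res.json();
  if (typeof body.token !== "string" || body.token.length === 0) {
    throw new Error("auth response did not contain a token");
  }
  // expires_at is null for non-expiring tokens, so record the issue time ourselves.
  return { token: body.token, expiresAt: body.expires_at ?? null, issuedAt: new Date() };
}

// A token is due for rotation once it has expired or reached the rotation interval.
function rotationDue(record, now = new Date()) {
  if (record.expiresAt && new Date(record.expiresAt) <= now) return true;
  const ageDays = (now - record.issuedAt) / 86400000; // milliseconds per day
  return ageDays >= ROTATE_AFTER_DAYS;
}
```

Persist the returned record in a secret manager rather than on disk, and log only `redact(record.token)`.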