To connect to Moment APIs, make a request over a secure HTTPS connection. Requests made over plain HTTP will fail.
Authentication to Moment APIs uses secret keys. Store these secret keys securely, as they grant significant privileges to Moment's APIs. Do not share secret keys in publicly accessible areas, including client-side code and GitHub repositories.
Paper mode secret keys have the prefix msk_papr. and live mode secret keys have the prefix msk_live..
Authenticate a request by including the Authorization HTTP header with the value Bearer {secret_key}. For example, add the command-line parameter -H "Authorization: Bearer msk_paper.dWggb2gsIHlvdSd2ZSBkZWNvZGVkIG1lIQ" to authenticate a curl request.
Certain websocket clients, including the native browser Javascript WebSocket implementation, do not allow passing authorization headers. As an alternative, authenticate with the auth_token={secret_key} URL query parameter. For example, new WebSocket("wss://example.com/subscribe?auth_token=msk_paper.dWggb2gsIHlvdSd2ZSBkZWNvZGVkIG1lIQ").