Authentication
Secure your connections to the Milkey platform using Secret API keys.
Milkey uses API keys to authenticate headless requests from your AI clients. All API endpoints on the /user/* and /skills/* paths require valid authentication.
Bearer Tokens
To authenticate via HTTP, you must provide your API key in the Authorization header using the Bearer scheme.
Authorization: Bearer mk_live_1234567890abcdef
If no Authorization header is provided, or if the provided token is invalid or revoked, the server will respond with a 401 Unauthorized status.
Dashboard Sessions (Clerk)
Milkey utilizes Clerk for managing user identity and dashboard sessions. If you are interacting with Milkey from a browser (for instance, building a custom dashboard metric panel), you should rely on Clerk's session tokens instead of manually managing API keys.
Clerk tokens are issued automatically when users log in and refresh silently in the background. Note that API keys and Clerk session tokens both resolve to your internal User ID seamlessly at the backend gateway.
Dual Auth Strategy
The requireAuth middleware accepts either a Clerk JWT or a Milkey Secret API key. This means the same endpoints can serve both your AI agents and your browser interfaces.
Authentication Errors
If your request fails to authenticate, one of the following reasons usually applies:
- Token revoked: You deleted the API key from your dashboard.
- Malformed header: Missing the Bearer prefix.
- Suspended account: Your Milkey account has been locked or deleted.
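The dual-auth routing and the failure reasons listed above can be sketched as follows. This is an added example, not Milkey's requireAuth code: the function names, the reason strings, the hashed key store and the injected verifyJwt callback are all assumptions, and the keys are constructed samples.

```javascript
// Added illustration, not Milkey's requireAuth. All names here are hypothetical.
const { createHash } = require('node:crypto');
const sha256 = (s) => createHash('sha256').update(s).digest('hex');

// Constructed key store: only SHA-256 hashes of keys are kept, so a leaked
// table does not expose usable keys. Revocation is a flag on the record.
const KEY_STORE = new Map([
  [sha256('mk_live_1234567890abcdef'), { userId: 'user_1', revoked: false }],
  [sha256('mk_live_revokedkey000000'), { userId: 'user_2', revoked: true }],
]);

// Accept exactly "Bearer <token>" (scheme is case-insensitive, token uses the
// RFC 6750 b64token alphabet). Anything else is a malformed header.
function parseBearer(header) {
  if (typeof header !== 'string') return null;
  const m = /^Bearer +([A-Za-z0-9._~+\/-]+=*)$/i.exec(header.trim());
  return m ? m[1] : null;
}

// Resolve either credential type to one user ID, or to a 401 with a reason.
// verifyJwt is injected: in a real deployment the identity provider's SDK
// checks signature and expiry and returns the user ID (assumption).
function authenticate(header, verifyJwt) {
  const deny = (reason) => ({ status: 401, reason });
  if (header === undefined) return deny('missing_header');
  const token = parseBearer(header);
  if (!token) return deny('malformed_header');

  if (token.startsWith('mk_live_')) {
    const rec = KEY_STORE.get(sha256(token));
    if (!rec) return deny('invalid_key');
    if (rec.revoked) return deny('revoked_key');
    return { status: 200, userId: rec.userId, via: 'api_key' };
  }
  // Three dot-separated segments: treat as a session JWT.
  if (token.split('.').length === 3) {
    const userId = verifyJwt(token);
    return userId
      ? { status: 200, userId, via: 'session' }
      : deny('invalid_session');
  }
  return deny('invalid_token');
}
```

A production service would normally return the same generic 401 body for every reason and keep the specific reason in server-side logs only.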