Skip to content
MediaMagic Verify Help Center home
MediaMagic Verify Help Center home

Using the API and webhooks

Using the API and webhooks

Manage your API keys and webhook subscriptions from the control plane, then use the developer documentation for the full integration reference.

MediaMagic Verify is API-first. You can drive submissions, read results, and receive real-time events in your own systems. This article covers what you do in the control plane; the complete API and webhook reference lives in the developer documentation.

Managing API keys

Go to Developers > API Keys to create and manage keys for your workspace. You'll need an org admin or workspace admin role.

Test vs live keys

Each key belongs to an environment:

  • Test (sandbox) — for development and integration work. Safe to experiment with.

  • Live (production) — for real submissions and traffic.

Keep these separate so test activity never touches production data.

Creating and storing a key

When you create a key, the full value is shown exactly once. Copy it straight away and store it securely — afterwards only a masked prefix (for example mmk_live_••••••••) is shown. If you lose a key, revoke it and create a new one.

The API Keys table shows each key's name, masked value, environment, status, request count, last-used date, expiry, and creation date, so you can audit access at a glance.

Revoking a key

Revoke a key the moment it's compromised or no longer needed. Revocation is immediate — subsequent requests using that key are rejected. Revoked keys stay in the table for your audit trail rather than being deleted.

Monitoring usage

Developers > API Usage shows a log of requests made with your workspace keys: the key used, endpoint, method, status, duration, and timestamp. Filter by key and date range to debug an integration or audit activity.

Managing webhooks

Webhooks push platform events to your own endpoint. Go to Developers > Webhooks (org admin or workspace admin only).

  • Create a subscription — provide an endpoint URL, an optional description, and the event types you want.

  • Signing secret — shown once at creation. Store it securely; use it to verify the HMAC signature on incoming payloads. If lost, delete and recreate the subscription.

  • Disable or delete — pause delivery temporarily without losing the subscription, or remove it entirely.

  • Delivery logs — each subscription's detail page shows delivery metrics and the 50 most recent attempts (status, response code, timestamp, event ID) to help you debug.

Subscriptions are scoped to a single workspace.

Full reference on the docs site

Keep request/response detail, code samples, and event payloads in the developer docs:

What our API support covers

API support is bounded. Our team supports these categories:

  • API availability, uptime, and latency — the API is reachable and performing within SLA

  • Authentication and access — API keys, token issuance, permission errors

  • Data correctness — the data we return is accurate and consistent with what you submitted

  • Webhook delivery — webhooks fire correctly and within expected timeframes

Everything else — your own client-side implementation, custom front-end behaviour, and third-party tooling — is outside our support scope. For those questions, start with the developer documentation.