Getting Started

Authentication

How to authenticate with the SmartMCA API

All API requests require authentication via an API key sent in the Authorization header.

API Keys

API keys are created in Settings > API Access in the SmartMCA dashboard. Each key has:

• Scopes — Permissions for specific resources (e.g., deals:read, merchants:write)
• Environment — live (production data) or test (sandbox)
• Rate Limits — Per-minute and per-day request limits
• IP Allowlist — Optional IP restriction

Making Requests

Include your API key as a Bearer token:

curl -H "Authorization: Bearer smca_live_abc123..." \
  https://api.smartmca.com/api/public/v1/deals

Key Prefixes

Prefix	Environment
smca_live_	Production
smca_test_	Sandbox/Test

Security Best Practices

1. Never expose keys in client-side code — API keys should only be used server-to-server
2. Use minimum scopes — Only grant the permissions your integration needs
3. Rotate keys regularly — Create a new key and revoke the old one
4. Use IP allowlists — Restrict keys to known server IPs
5. Monitor usage — Check the analytics dashboard for unusual activity

Error Responses

Status	Code	Description
401	UNAUTHORIZED	Missing or invalid API key
403	FORBIDDEN	Key lacks required scope
403	IP_NOT_ALLOWED	Request from unauthorized IP
429	RATE_LIMITED	Rate limit exceeded