Using the API and webhooks
Using the API and webhooks
Manage your API keys and webhook subscriptions from the control plane, then use the developer documentation for the full integration reference.
MediaMagic Verify is API-first. You can drive submissions, read results, and receive real-time events in your own systems. This article covers what you do in the control plane; the complete API and webhook reference lives in the developer documentation.
Managing API keys
Go to Developers > API Keys to create and manage keys for your workspace. You'll need an org admin or workspace admin role.
Test vs live keys
Each key belongs to an environment:
Test (sandbox) — for development and integration work. Safe to experiment with.
Live (production) — for real submissions and traffic.
Keep these separate so test activity never touches production data.
Creating and storing a key
When you create a key, the full value is shown exactly once. Copy it straight away and store it securely — afterwards only a masked prefix (for example mmk_live_••••••••) is shown. If you lose a key, revoke it and create a new one.
The API Keys table shows each key's name, masked value, environment, status, request count, last-used date, expiry, and creation date, so you can audit access at a glance.
Revoking a key
Revoke a key the moment it's compromised or no longer needed. Revocation is immediate — subsequent requests using that key are rejected. Revoked keys stay in the table for your audit trail rather than being deleted.
Monitoring usage
Developers > API Usage shows a log of requests made with your workspace keys: the key used, endpoint, method, status, duration, and timestamp. Filter by key and date range to debug an integration or audit activity.
Managing webhooks
Webhooks push platform events to your own endpoint. Go to Developers > Webhooks (org admin or workspace admin only).
Create a subscription — provide an endpoint URL, an optional description, and the event types you want.
Signing secret — shown once at creation. Store it securely; use it to verify the HMAC signature on incoming payloads. If lost, delete and recreate the subscription.
Disable or delete — pause delivery temporarily without losing the subscription, or remove it entirely.
Delivery logs — each subscription's detail page shows delivery metrics and the 50 most recent attempts (status, response code, timestamp, event ID) to help you debug.
Subscriptions are scoped to a single workspace.
Full reference on the docs site
Keep request/response detail, code samples, and event payloads in the developer docs:
What our API support covers
API support is bounded. Our team supports these categories:
API availability, uptime, and latency — the API is reachable and performing within SLA
Authentication and access — API keys, token issuance, permission errors
Data correctness — the data we return is accurate and consistent with what you submitted
Webhook delivery — webhooks fire correctly and within expected timeframes
Everything else — your own client-side implementation, custom front-end behaviour, and third-party tooling — is outside our support scope. For those questions, start with the developer documentation.