Authentication
Create an API token and authenticate requests with the Authorization header.
The hellomateo API uses API tokens for authenticated access. Create an API token in hellomateo, store it securely, and send it as a bearer token in the Authorization header on every request.
Authorization: Bearer <your_api_token>Every authenticated request must also include the current API version header.
API tokens grant access to your hellomateo organisation. Do not expose tokens in frontend code, mobile apps, public repositories, logs, support screenshots, or other places where untrusted users can read them.
If a token is exposed, revoke it and create a replacement token before sending additional production traffic.
If the API token is missing, malformed, revoked, or otherwise invalid, the API returns a JSON error response with a stable code and a request_id for debugging.