API Reference

API Authentication

Authenticate with the Multilogin API. Generate API keys, make authenticated requests, handle rate limits, and implement secure token storage.

Rachel Kim

The Multilogin API lets you create profiles, launch browsers, and manage proxies programmatically. First step: authentication with API keys.

Generating Your API Key

Log into your Multilogin dashboard. Navigate to Settings → API Keys.

Click "Generate New Key". Give it a name (e.g., "Production Server" or "Dev Environment").

Your API key appears once. Copy it immediately. We don't show it again.

Example key format:

mln_live_abc123def456ghi789jkl012mno345pqr678

Keys start with mln_live_ for production or mln_test_ for testing.

⚠️ Security Warning

Treat API keys like passwords. Never commit them to Git. Don't share them publicly. Store them in environment variables. Rotate them quarterly.

Making Authenticated Requests

Include your API key in the Authorization header using Bearer authentication.

cURL Example:

curl https://api.multilogin.io/v1/profiles \
  -H "Authorization: Bearer mln_live_your_api_key_here" \
  -H "Content-Type: application/json"

JavaScript/Node.js Example:

const axios = require('axios');

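const API_KEY = process.env.MULTILOGIN_API_KEY;
if (!API_KEY) {
  // Fail fast rather than sending "Bearer undefined"
  throw new Error('MULTILOGIN_API_KEY is not set');
}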

const client = axios.create({
  baseURL: 'https://api.multilogin.io/v1',
  headers: {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json'
  }
});

async function getProfiles() {
  const response = await client.get('/profiles');
  return response.data;
}

Python Example:

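import os
import requests

# Fail fast with a KeyError if the key is missing instead of sending "Bearer None"
API_KEY = os.environ['MULTILOGIN_API_KEY']

headers = {
    'Authorization': f'Bearer {API_KEY}',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.multilogin.io/v1/profiles',
    headers=headers,
    timeout=10  # requests waits indefinitely unless a timeout is set
)
# Raise on 4xx/5xx so an error body is never treated as profile data
response.raise_for_status()

profiles = response.json()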

API Base URL

All API requests use this base URL:

https://api.multilogin.io/v1

Endpoints are versioned. We currently support v1. Future versions (v2, v3) will be added without breaking v1.

Regional endpoints (coming soon):

  • https://api-us.multilogin.io/v1 - US East
  • https://api-eu.multilogin.io/v1 - Europe West
  • https://api-asia.multilogin.io/v1 - Asia Pacific

Use regional endpoints for lower latency.

Rate Limits

Rate limits prevent API abuse and ensure service stability.

Plan         Requests/Minute   Requests/Hour   Daily Limit
Solo         60                1,000           10,000
Team         120               3,000           50,000
Enterprise   300               10,000          Unlimited

When you hit a limit, the API returns 429 Too Many Requests:

{
  "error": "rate_limit_exceeded",
  "message": "Rate limit exceeded. Try again in 23 seconds.",
  "retry_after": 23
}

Implement exponential backoff. Wait retry_after seconds before retrying.
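A retry wrapper for the 429 handling described above, as an added example (not Multilogin's own client code). It assumes `send` is a hypothetical zero-argument callable returning `(status_code, parsed_json_body)`; `retry_delay`, `call_with_backoff` and `RateLimitError` are names chosen here.

```python
import random
import time


class RateLimitError(Exception):
    """Raised when the API still answers 429 after the last attempt."""


def retry_delay(attempt, body, base=1.0, cap=60.0, rng=random.random):
    """Seconds to wait after the 429 received on 0-based `attempt`."""
    # Exponential backoff with full jitter so many workers do not retry in step.
    backoff = rng() * min(cap, base * (2 ** attempt))
    hint = body.get("retry_after") if isinstance(body, dict) else None
    if isinstance(hint, (int, float)) and not isinstance(hint, bool) and hint > 0:
        # The server's retry_after is a floor: never retry sooner than asked.
        return max(float(hint), backoff)
    return backoff


def call_with_backoff(send, max_attempts=5, sleep=time.sleep, rng=random.random):
    """Call send() until it returns a non-429 status or attempts run out.

    `send` is a hypothetical callable returning (status_code, json_body),
    for example a thin wrapper around requests.get.
    """
    for attempt in range(max_attempts):
        status, body = send()
        if status != 429:
            return status, body
        if attempt < max_attempts - 1:
            sleep(retry_delay(attempt, body, rng=rng))
    # Bounded retries: give up instead of hammering a limit that will not clear.
    raise RateLimitError(f"still rate limited after {max_attempts} attempts")


if __name__ == "__main__":
    # Constructed responses modelled on the 429 body shown above.
    replies = iter([
        (429, {"error": "rate_limit_exceeded", "retry_after": 23}),
        (429, {"error": "rate_limit_exceeded"}),  # hint missing: backoff only
        (200, {"success": True, "data": []}),
    ])
    waits = []
    print(call_with_backoff(lambda: next(replies), sleep=waits.append), waits)
```

Passing `sleep` and `rng` as parameters keeps the retry schedule testable without real waiting.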

Response Formats

All responses return JSON. Successful requests return 2xx status codes.

Success Response:

{
  "success": true,
  "data": {
    "id": "prof_abc123",
    "name": "My Profile",
    "created_at": "2024-01-15T10:30:00Z"
  }
}

Error Response:

{
  "success": false,
  "error": {
    "code": "invalid_parameter",
    "message": "Profile name must be between 1 and 100 characters.",
    "param": "name"
  }
}

Common error codes:

  • unauthorized - Invalid or missing API key
  • forbidden - API key lacks required permissions
  • not_found - Resource doesn't exist
  • invalid_parameter - Request parameter is invalid
  • rate_limit_exceeded - Too many requests
  • internal_error - Server error (we're investigating)

API Key Permissions

API keys have scoped permissions. Control what each key can do.

Available scopes:

  • profiles:read - List and retrieve profiles
  • profiles:write - Create, update, delete profiles
  • profiles:launch - Launch and close browser sessions
  • proxies:read - List proxies
  • proxies:write - Add and update proxies
  • team:read - View team members
  • team:write - Invite and manage team members

When creating a key, select only the scopes it requires, following the principle of least privilege.

Secure Key Storage

Environment Variables (Recommended):

# .env file (never commit this)
MULTILOGIN_API_KEY=mln_live_your_key_here

// Load in Node.js
require('dotenv').config();
const apiKey = process.env.MULTILOGIN_API_KEY;

# Load in Python (os.getenv reads the process environment; it does not parse .env by itself)
import os
api_key = os.getenv('MULTILOGIN_API_KEY')

Secret Management Services:

  • AWS Secrets Manager
  • Google Cloud Secret Manager
  • HashiCorp Vault
  • 1Password CLI

Never Store Keys In:

  • Source code
  • Git repositories
  • Public documentation
  • Client-side JavaScript
  • Log files
  • Error messages
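One way to keep keys out of log files and logged error messages, as an added example (not Multilogin's own code). The pattern assumes key bodies are alphanumeric like the example key on this page; `redact`, `RedactKeys` and `install` are names chosen here.

```python
import hashlib
import logging
import re

# Assumption: key bodies are alphanumeric, as in the example key on this page.
KEY_RE = re.compile(r"(mln_(?:live|test)_)([A-Za-z0-9]{8,})")


def redact(text):
    """Replace each key with its prefix and a short fingerprint."""
    def mask(match):
        # A truncated SHA-256 identifies which key leaked without revealing it.
        digest = hashlib.sha256(match.group(0).encode()).hexdigest()[:8]
        return f"{match.group(1)}[redacted sha256:{digest}]"
    return KEY_RE.sub(mask, text)


class RedactKeys(logging.Filter):
    """Logging filter that scrubs keys from the fully formatted message.

    Tracebacks rendered later by the formatter (exc_info) are not covered.
    """

    def filter(self, record):
        # getMessage() merges args first, so keys passed as %s args are caught.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def install(logger):
    """Attach the filter to every handler already on `logger`."""
    for handler in logger.handlers:
        handler.addFilter(RedactKeys())


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    install(logging.getLogger())
    # Constructed log call using the example key format from this page.
    logging.info("request failed, header was Bearer %s",
                 "mln_live_abc123def456ghi789jkl012mno345pqr678")
```

Attaching the filter to handlers rather than to one logger means records from child loggers are scrubbed too.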

Testing Your Authentication

Test your API key with a simple request:

curl https://api.multilogin.io/v1/auth/verify \
  -H "Authorization: Bearer mln_live_your_key_here"

Success response:

{
  "success": true,
  "data": {
    "account_id": "acc_xyz789",
    "plan": "Team",
    "scopes": ["profiles:read", "profiles:write", "profiles:launch"]
  }
}

Failure response (401 Unauthorized):

{
  "success": false,
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key"
  }
}

Key Rotation

Rotate API keys quarterly or after security incidents.

Process:

  1. Generate new API key in dashboard
  2. Update environment variables in all systems
  3. Deploy updated configurations
  4. Test with new key
  5. Revoke old key after 24-hour grace period

Old keys remain valid for 24 hours after the new key is activated. This prevents service disruption during rotation.

Use the Profiles API

Authentication configured. Now create, update, and manage browser profiles programmatically with the Profiles API.

Rachel Kim

API Platform Engineer

Rachel Kim designs API infrastructure at Multilogin.io. She's built authentication systems handling 1M+ API requests daily with 99.99% uptime.