Skip to main content
Every request to the Developer API carries a Bearer API key in the Authorization header: 
# Sandbox
curl https://api.staging.maple.inc/v1/me \
  -H "Authorization: Bearer mpk_test_..."
A key answers three questions at once: which app you are, which environment you belong to (sandbox or production), and which scopes you hold. Verify any key with GET /v1/me, which returns exactly that. Each environment has its own base URL — https://api.staging.maple.inc/v1 for the sandbox and https://api.maple.inc/v1 for production. Use the key that matches the host. See Environments.

API keys

Maple issues your API keys during onboarding.
KeyEnvironmentBase URL
mpk_test_…Sandboxhttps://api.staging.maple.inc/v1
mpk_live_…Productionhttps://api.maple.inc/v1
Send the key as the bearer token on every request, against the base URL for its environment. Keep keys server-side; never embed them in a client app or commit them to source control. Narrowing an app’s scopes takes effect immediately for its existing keys.
Keys are managed by the Maple team. Maple issues your keys during onboarding; there’s no self-serve key rotation yet. If a key is lost or compromised, contact us for a replacement.

Scopes

Access is scoped, so your app holds only the permissions it needs:
ScopeGrants
locations:readList and read granted locations
connections:read / connections:writeRead or manage the location connection
orders:read / orders:writeRead orders or submit order decisions
menus:read / menus:writeRead or publish a location’s menu
webhooks:read / webhooks:writeRead or manage webhook subscriptions
A request missing a required scope returns 403 with code insufficient_scope. A key used against the wrong environment returns 403 with code wrong_environment. See Errors.
Check what a key can do without making a real call: GET /v1/me returns the app, its environment, and its effective scopes.

OAuth

Under construction. OAuth-based access (merchant-delegated tokens and client_credentials grants) is not part of the generally available Developer API yet. Use API keys for now. If your integration needs OAuth, talk to the Maple team — this section will expand when the flow is finalized.