The Marfeel API Token - Secret Key

In order to access secured endpoints, either manually or programmatically, Marfeel offers a token based authentication method called the Secret Key. This token is generated in Insight and is used by adding it in a header called "mrf-secret-key".

In this article we are going to first describe how to generate it and then how to use it.


The Secret Key is like a password and should therefore, remain private. Please to not make it appear in the url (no query param).

It should be generated from a user's proprietary Insight account through the steps outlined below.

Generate and view the authentication token

  1. Log in to Insight.
  2. Click your user name in top-right corner of the page and select User Account in the drop-down menu.
  3. The token is displayed in the Secret Key field. 

Change the authentication token

  1. Click Change in the Secret Key field of the Marfeel user details page and a new key is automatically generated. 

Use the Secret key

In order to invalidate

The tool mrf-invalidate handles the secret key internally and allows you to validate both in local and in production. See documentation here.

In curl

Curl is a powerful tool that allows you to make API calls via the command line. In order to use it in authenticated endpoints, add the mrf-secret-key header this way:

curl --header "mrf-secret-key: XXXX"