Authentication

All API requests require authentication using a Bearer token in the Authorization header.

Obtaining API Credentials

1. Log in to your Mando admin panel at https://www.mando.fi
2. Navigate to Hallinta → Yritys (Settings -> Company)
3. Select the company level and press Muokkaa
4. Select API tab
5. Click + on table header to generate a new API key
6. Copy and securely store your API key

Preferable ask the company’s administrator that has Mando credentials to generate the API key for you. Mando support needs customer’s permission to generate and distribute API keys.

Note

The API key is a JWT token that looks like this: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dnZWRJbkFzIjoiYWRtaW4iLCJpYXQiOjE0MjI3Nzk2Mzh9.gzSraSYS8EXBxLN _oWnFSRgCzcmJmMjLiuyu5CSpyHI If you get something like this, it’s not a valid token: e3e90351-a077-49b2-9777-3cc427e723a7

Caution

API keys grant full access to your account. Never expose them in client-side code or public repositories.

The API keys are guaranteed to be valid until 2026-12-31. Check this page for updates.

Using Your API Key

Include the API key in the Authorization header of every request:

curl -X GET "https://www.mando.fi/api/secure/plu" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Error Responses

Status	Description
401	Missing or invalid API key
403	API key lacks required permissions
429	Rate limit exceeded

Example error response: