Getting started with the external API
MEA’s external public API (/api/external/v2/*) lets your business
applications (ERP, third-party integrations) archive and read documents
programmatically, without any human interface. The API is regional: use
https://api.eu.mearchiver.com (EU) or https://api.us.mearchiver.com (US).
A key may be restricted to specific archive types and can only modify
archives it created itself (provenance).
1. Obtain an API key
External API keys are created by a tenant administrator from Settings → Security → External API keys. A key has the form:
mea_ext_{prefix}_{secret}mea_ext_— fixed prefix distinguishing an external key from an inter-instance synchronization key (mea_). The two are never interchangeable.{prefix}— public identifier of the key (visible in logs).{secret}— secret part, shown only once at creation time. Store it in a secrets vault, never in code.
2. The scopes model
Each key carries one or more scopes. A request is rejected
(400 EXTERNAL_API_KEY_INVALID_SCOPES) if the key lacks the scope required by
the endpoint.
| Scope | Allows |
|---|---|
external:archives:read | List and read archive folders |
external:archives:write | Create and update archive folders |
external:documents:read | Read document metadata and content |
external:documents:write | Upload documents |
Apply the principle of least privilege: grant only the scopes strictly required by the integration.
3. The authentication header
Every request must carry the key in the X-Api-Key header:
X-Api-Key: mea_ext_a1b2c3_YOUR_SECRETThe matching authentication scheme is ExternalApiKey. No other method
(Bearer JWT, cookie) is accepted on /api/external/v2.
4. First authenticated request
List the archive types your key is allowed to use, then the (approved) archives:
curl -s https://api.eu.mearchiver.com/api/external/v2/archive-types \
-H "X-Api-Key: mea_ext_a1b2c3_YOUR_SECRET"
curl -s https://api.eu.mearchiver.com/api/external/v2/archives \
-H "X-Api-Key: mea_ext_a1b2c3_YOUR_SECRET"5. The response envelope
Every response uses a stable snake_case JSON envelope. List endpoints return a
paged object (items/total/offset/limit):
{
"success": true,
"data": {
"items": [
{
"id": "8f1c0e2a-3b4d-4e5f-9a0b-1c2d3e4f5a6b",
"title": "Supplier contracts 2026",
"submission_status": "VALIDATION_APPROVED",
"created_at": "2026-06-08T09:30:00Z"
}
],
"total": 1,
"offset": 0,
"limit": 50
}
}On error, the envelope carries a typed error object:
{
"success": false,
"error": {
"code": "EXTERNAL_API_KEY_INVALID_SCOPES",
"message": "The API key does not have the required scopes."
}
}Continue with the concepts then the integration guide.