Documentation
All endpoints require Authorization: Bearer mw_live_xxx except webhooks and auth.
Include your API key in every request header:
curl -H "Authorization: Bearer mw_live_xxx" \ https://mentionwatch.mlh.one/api/me
GET/api/me
Your account info: plan, keyword count, mention usage, webhook URL.
POST/api/keywords
Create a keyword to monitor. Body: {"keyword": "my-product"}
GET/api/keywords
List all your keywords.
DELETE/api/keywords/:id
Delete a keyword by ID.
POST/api/webhooks
Set your webhook URL. Body: {"url": "https://..."}
GET/api/webhooks
Get your current webhook configuration.
POST/api/webhooks/test
Send a test webhook payload to your configured URL.
GET/api/mentions
List recent mentions. Optional: ?limit=50
{
"id": "mw_evt_2xKj9mPq",
"keyword": "my-product",
"source": "hackernews",
"type": "story",
"title": "Show HN: My Product",
"text": "...",
"author": "username",
"url": "https://news.ycombinator.com/item?id=...",
"source_url": "https://my-product.com",
"timestamp": "2026-04-10T09:15:00Z",
"delivered_at": "2026-04-10T09:15:12Z"
}Every webhook includes an X-MentionWatch-Signature header.
Node.js
const crypto = require('crypto');
const signature = req.headers['x-mentionwatch-signature'];
const expected = 'sha256=' + crypto
.createHmac('sha256', WEBHOOK_SECRET)
.update(JSON.stringify(req.body))
.digest('hex');
const valid = signature === expected;Python
import hmac, hashlib
signature = request.headers.get('X-MentionWatch-Signature')
expected = 'sha256=' + hmac.new(
WEBHOOK_SECRET.encode(), request.data, hashlib.sha256
).hexdigest()
valid = hmac.compare_digest(signature, expected)auth_required 401 — Missing or invalid API key
invalid_keyword 400 — Keyword validation failed
keyword_limit_exceeded 403 — Plan keyword limit reached
duplicate_keyword 409 — Keyword already exists
keyword_not_found 404 — Keyword ID not found
invalid_webhook_url 400 — URL must be public HTTPS
webhook_not_configured 400 — Set webhook URL first