This page describes how authentication works today for the two programmatic surfaces in the MentionFox world: the MentionFox browser extension, and the separate FoxAPIs developer API at foxapis.com. Both use a simple, long-lived API key model. There is no OAuth flow today — you generate a key, you send it with each request, and you keep it secret.
The extension talks to MentionFox using a personal extension key tied to your account. You generate the key once and paste it into the extension's options; from then on the extension sends it on every call so MentionFox knows the request is yours.
X-Extension-Key header. Keys are prefixed (for example mfx_…) so they're easy to recognize.If you ever reload the extension and calls start failing, re-paste your key in the options screen — that field is the live credential the extension uses to authenticate.
FoxAPIs (at foxapis.com) is the standalone developer API product. It is a separate service with its own account, its own keys, and its own credits — a FoxAPIs key is not the same as your MentionFox extension key, and the two balances are independent.
Authorization header:curl -X POST https://api.foxapis.com/v1/<endpoint> \
-H "Authorization: Bearer YOUR_FOXAPIS_KEY" \
-H "Content-Type: application/json" \
-d '{ "query": "example" }'
Every authenticated FoxAPIs request validates the bearer token and is metered against your FoxAPIs credit balance. The live API explorer at foxapis.com/demo lets you try endpoints without a key first; once you have a key, paste it in to run against your own account.