Skip to main content

Authentication

Mixpanel APIs support multiple authentication methods depending on the endpoint you’re using.

Authentication Methods

Service Account

Service accounts provide programmatic access to Mixpanel APIs. This is the recommended method for server-to-server integrations. Use Cases:
  • Import API
  • Query API
  • Management APIs (Annotations, Lexicon, etc.)
Authentication: 
curl https://mixpanel.com/api/query/insights \
  -u SERVICE_ACCOUNT_USERNAME:SERVICE_ACCOUNT_SECRET \
  -d project_id=YOUR_PROJECT_ID
You can create service accounts in Project Settings > Service Accounts.

Project Secret

Project secrets are used for certain API endpoints that require project-level authentication. Use Cases:
  • Import API
  • Raw Event Export API
  • Data Pipelines API
Authentication: 
curl https://data.mixpanel.com/api/2.0/export \
  -u YOUR_PROJECT_SECRET: \
  -d from_date=2024-01-01 \
  -d to_date=2024-01-31
Note the colon (:) after the project secret when using Basic Auth. The password field is left empty.

Project Token

Project tokens are used for client-side event tracking. Use Cases:
  • Track API (client-side event tracking)
  • Engage API (user profile updates)
Authentication: 
curl https://api.mixpanel.com/track \
  -d 'data={"event":"Signed Up","properties":{"token":"YOUR_PROJECT_TOKEN","distinct_id":"user123"}}'
Your project token can be found in Project Settings > Project Details.

OAuth Token

OAuth tokens are used for GDPR and user-specific operations. Use Cases:
  • GDPR API (data retrieval and deletion)
Authentication: 
curl https://mixpanel.com/api/app/data-retrievals/v3.0 \
  -H "Authorization: Bearer YOUR_OAUTH_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"token":"YOUR_PROJECT_TOKEN","distinct_ids":["user123"]}'

Finding Your Credentials

Service Account Credentials

  1. Navigate to Project Settings
  2. Click Service Accounts
  3. Create a new service account or view existing ones
  4. Copy the username and secret

Project Secret

  1. Navigate to Project Settings
  2. Click Project Details
  3. Find your API Secret

Project Token

  1. Navigate to Project Settings
  2. Click Project Details
  3. Find your Project Token

Security Best Practices

Project secrets and service account credentials should only be used in server-side code. Use project tokens for client-side tracking.
Regularly rotate your service account credentials and project secrets to maintain security.
Store credentials in environment variables or secure secret management systems, never in source code.
Create service accounts with the minimum required permissions for their specific use case.

Quick Reference

APIAuth MethodCredential Location
Import EventsService Account or Project SecretProject Settings
Track EventsProject TokenProject Settings
Query APIService AccountProject Settings > Service Accounts
Export APIProject SecretProject Settings
GDPR APIOAuth TokenOAuth flow
Management APIsService AccountProject Settings > Service Accounts

Build docs developers (and LLMs) love

Get started for freeTalk to us