M Motionworks Population Intelligence
  • Pricing

API reference

Motionworks API v2 is a Cloudflare Workers-based REST API at api2.mworks.com/v2. It is the successor to the legacy Intermx API and is the recommended platform for new integrations.

Base URL

https://api2.mworks.com/v2

api2.mworks.com is the canonical Motionworks API host. Use it for all production traffic.

Authentication

Two authentication patterns are supported:

API key (X-API-Key header)

Server-to-server flow. Recommended for backend integrations. Issue a long-lived key per integration via the portal at app2.mworks.com; rotate by minting a new key and revoking the old one.

Bearer JWT (Supabase OAuth)

Portal / PLG flow. JWTs are obtained via the in-app sign-in flow at app2.mworks.com and forwarded as Authorization: Bearer <jwt>. JWTs expire and rotate with the user session — they are not long-lived secrets.

Calling an authenticated endpoint with the API-key pattern:

curl https://api2.mworks.com/v2/markets \
  -H "X-API-Key: $MW_API_KEY"

Sandbox onboarding

Get a sandbox API key by signing up at app2.mworks.com. New accounts receive a 10 req/min sandbox-tier key automatically — no waitlist, no sales call. Verify the key with the public health endpoint: 

curl https://api2.mworks.com/v2/health \
  -H "X-API-Key: $MW_API_KEY"

Rate limits

TierLimitAudience
Sandbox10 req/minTrial keys, evaluation
Growth100 req/minProduction single-tenant integrations
Enterprise1,000 req/minHigh-volume enterprise integrations

Every response includes the rate-limit headers:

  • X-RateLimit-Limit — requests permitted in the current window.
  • X-RateLimit-Remaining — requests remaining in the current window.
  • Retry-After — seconds to wait before retrying, attached to 429 responses.

Error envelope

Every error response uses the same JSON shape. The X-Request-Id response header always matches the request_id field in the body — use it when filing support tickets. 

{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Sandbox tier allows 10 requests per minute. Retry after 38s.",
    "status": 429,
    "request_id": "01HQ7K3W9V1F8X2YZ4M5N6P7QR",
    "product": "platform",
    "docs_url": "https://mworks.com/docs/api/#rate-limits"
  }
}

Stable error codes

CodeDescription
INVALID_API_KEYThe X-API-Key header is missing or does not match a known key.
EXPIRED_API_KEYThe X-API-Key header matches a known key, but the key has been revoked or expired.
INSUFFICIENT_CREDITSThe org's credit balance is below the cost of the requested call.
RATE_LIMIT_EXCEEDEDThe org has exceeded its tier's per-minute request quota.
NOT_FOUNDThe requested resource (segment, market, place, path, etc.) does not exist.
VALIDATION_ERRORRequest parameters or body failed schema validation.
INTERNAL_ERRORAn unexpected error occurred. The request was logged with X-Request-Id.
DATA_UNAVAILABLEThe endpoint and field are valid, but no data is available for the requested period or geography.
UPSTREAM_UNAVAILABLEA credentialed external upstream returned a non-OK response. Typically transient and retryable; distinct from DATA_UNAVAILABLE, which usually indicates a deploy-config issue.
NOT_YET_AVAILABLEThe endpoint or field is on the published roadmap; data is not yet produced.
SCOPE_NOT_SUPPORTEDThe API key's scope is not supported for this endpoint. Only 'read' scope is honored in MVP; mint a read-scoped key via POST /v2/account/keys.
ORIGIN_NOT_ALLOWEDThe request's Origin header does not match the API key's allowed_origins list, the list is empty (key effectively disabled), or the key requires an Origin and none was provided. See ADR-25.
AMBIGUOUS_AUTHThe request includes more than one of {X-API-Key, Authorization Bearer, X-MW-Anon-Session}. Choose exactly one auth header per request.
INVALID_API_KEYThe X-API-Key header is missing or does not match a known key.
EXPIRED_API_KEYThe X-API-Key header matches a known key, but the key has been revoked or expired.
UNAUTHORIZEDSession-layer authentication failure (invalid, missing, or expired JWT, anonymous-session token, or admin credentials). Use INVALID_API_KEY for X-API-Key failures.
UNAUTHORIZEDSession-layer authentication failure (invalid, missing, or expired JWT, anonymous-session token, or admin credentials). Use INVALID_API_KEY for X-API-Key failures.
UNAUTHORIZEDSession-layer authentication failure (invalid, missing, or expired JWT, anonymous-session token, or admin credentials). Use INVALID_API_KEY for X-API-Key failures.
CONFLICTThe requested operation conflicts with the current resource state (e.g. concurrent session-extend on the same anonymous session). Retry with a fresh request id.

Code samples

Calling GET /v2/markets (defined on the platform spec) to list available DMAs / metro markets.

curl

curl https://api2.mworks.com/v2/markets \
  -H "X-API-Key: $MW_API_KEY"

Python (requests)

import os
import requests

resp = requests.get(
    "https://api2.mworks.com/v2/markets",
    headers={"X-API-Key": os.environ["MW_API_KEY"]},
    timeout=10,
)
resp.raise_for_status()
markets = resp.json()["data"]
print(f"{len(markets)} markets")

JavaScript (fetch)

const resp = await fetch("https://api2.mworks.com/v2/markets", {
  headers: { "X-API-Key": process.env.MW_API_KEY },
});
if (!resp.ok) throw new Error(`HTTP ${resp.status}`);
const { data: markets } = await resp.json();
console.log(`${markets.length} markets`);

API reference

One Redoc-rendered reference per product, sourced from the OpenAPI 3.1 specs in api-mworks-com.

Platform (Markets, Segments, Auth, Billing)

Pathcast (Paths, Viewsheds, Traffic)

Placecast (Foot Traffic)

Places Library

Popcast (Population Intelligence)

Popcast Ambient API

Popcast Attention API

Popcast Change API

Popcast Conscience API

Popcast Reporting API

Popcast Signal API

Redemption

Set Dynamics (Campaign Reach & Frequency)

Viewcast (Inventory Profiles)

Download specs

OpenAPI YAMLs are available for download:

Contact

Questions or want enterprise access? Email api@mworks.com.