PowerPost APIv1
PowerPost APIv1
PowerPost APIQuickstartAuthenticationWorkspacesInput Types

API Reference

Upload MediaGenerate ContentGenerationsGenerate ImagesGenerate VideosPosts & PublishingAnalyticsCalendarGet Credits

Guides

WebhooksError CodesChangelog

Authentication

How to authenticate with the PowerPost API using API keys.

All API requests require authentication via an API key.

Getting an API Key

  1. Log in to your PowerPost dashboard
  2. Navigate to Settings → API
  3. Click Create API Key
  4. Give it a name and copy the key
Your API key is only shown once. Store it securely!

Using Your API Key

Include your key in the x-api-key header:

curl https://powerpost.ai/api/v1/account/credits \
  -H "x-api-key: pp_live_sk_YOUR_KEY_HERE"

Or use Authorization: Bearer:

curl https://powerpost.ai/api/v1/account/credits \
  -H "Authorization: Bearer pp_live_sk_YOUR_KEY_HERE"

Key Format

PowerPost API keys follow this format:

pp_live_sk_{random_string}
  • pp — PowerPost prefix
  • live — Production key (test keys may be added later)
  • sk — Secret key
  • {random} — Unique identifier

Permissions (Scopes)

Each API key carries a set of scopes — resource:action permissions that control exactly what the key can do. You pick the scopes when you create the key. Every endpoint requires one scope; a request made with a key that lacks it returns 403 INSUFFICIENT_SCOPE, and the response names the missing scope.

Available scopes

ScopeGrants
account:readRead the credit balance
content:readList and read caption generations
content:generateGenerate captions — spends credits
images:readRead image generations
images:generateGenerate images — spends credits
videos:readRead video generations
videos:generateGenerate videos — spends credits
media:writeUpload media files
posts:readList and read posts
posts:writeCreate posts
posts:publishPublish, schedule, and cancel posts
calendar:readRead calendar entries
calendar:writeCreate and edit calendar entries
analytics:readRead post analytics

The *:generate scopes spend credits on every call. Only grant them to keys that need to create content.

Presets

The key-creation dialog has three one-click presets:

  • Full access — every scope, including posts:publish.
  • Draft only — every scope except posts:publish. Prepare content without the risk of publishing.
  • Read only — the *:read scopes. No generation, no writes.

Tick individual scopes for anything in between.

Scopes are set at creation and cannot be changed. To adjust a key's permissions, revoke it and create a new one.

Workspace Scoping

All content endpoints require an X-Workspace-Id header to specify which workspace the request targets. See Workspaces for full details on workspace scoping, finding your workspace ID, and which endpoints require it.

Requirements

API access is available to all authenticated users with a valid API key. Credits are required for content generation and publishing.

Key Management

  • Maximum keys: 10 per account
  • Scopes: chosen at creation from the table above; immutable afterwards
  • Revocation: revoke compromised keys immediately in Settings
  • Last used: track when each key was last used

Security Best Practices

  1. Never commit keys to source control — Use environment variables
  2. Rotate keys periodically — Create new keys and revoke old ones
  3. Use separate keys for different environments or services
  4. Monitor usage — Check the dashboard for unexpected activity

Quickstart

Generate captions, create images, and publish — in under 5 minutes.

Workspaces

How workspaces organize your content, connections, and settings.

On this page

Getting an API KeyUsing Your API KeyKey FormatPermissions (Scopes)Available scopesPresetsWorkspace ScopingRequirementsKey ManagementSecurity Best Practices