PowerPost APIv1
PowerPost APIv1
PowerPost APIQuickstartAuthenticationWorkspacesInput Types

API Reference

Upload MediaGenerate ContentGenerationsGenerate ImagesPosts & PublishingGet Credits

Guides

WebhooksError CodesChangelog

Authentication

How to authenticate with the PowerPost API using API keys.

All API requests require authentication via an API key.

Getting an API Key

  1. Log in to your PowerPost dashboard
  2. Navigate to Settings → API
  3. Click Create API Key
  4. Give it a name and copy the key
Your API key is only shown once. Store it securely!

Using Your API Key

Include your key in the x-api-key header:

curl https://powerpost.ai/api/v1/account/credits \
  -H "x-api-key: pp_live_sk_YOUR_KEY_HERE"

Or use Authorization: Bearer:

curl https://powerpost.ai/api/v1/account/credits \
  -H "Authorization: Bearer pp_live_sk_YOUR_KEY_HERE"

Key Format

PowerPost API keys follow this format:

pp_live_sk_{random_string}
  • pp — PowerPost prefix
  • live — Production key (test keys may be added later)
  • sk — Secret key
  • {random} — Unique identifier

Key Types

When creating an API key, you choose its permission level:

TypeValuePermissions
Full Accessread_writeAll endpoints including publishing
Draft Onlyread_draftAll endpoints except POST /posts/{id}/publish

Key type is set at creation and cannot be changed. To change a key's type, revoke it and create a new one.

Draft Only Keys

Draft only keys (read_draft) can:

  • Generate content and images
  • Create and manage draft posts
  • Upload media
  • Read all data (generations, posts, credits)

They cannot:

  • Publish posts (POST /posts/{id}/publish returns 403 Forbidden)

Use draft only keys in environments where you want to prepare content without the risk of accidentally publishing.

Workspace Scoping

All content endpoints require an X-Workspace-Id header to specify which workspace the request targets. See Workspaces for full details on workspace scoping, finding your workspace ID, and which endpoints require it.

Requirements

API access is available to all authenticated users with a valid API key. Credits are required for content generation and publishing.

Key Management

  • Maximum keys: 10 per account
  • Key types: Full Access (read_write) or Draft Only (read_draft)
  • Immutable type: Key type cannot be changed after creation
  • Revocation: Revoke compromised keys immediately in Settings
  • Last used: Track when each key was last used

Security Best Practices

  1. Never commit keys to source control — Use environment variables
  2. Rotate keys periodically — Create new keys and revoke old ones
  3. Use separate keys for different environments or services
  4. Monitor usage — Check the dashboard for unexpected activity

Quickstart

Generate captions, create images, and publish — in under 5 minutes.

Workspaces

How workspaces organize your content, connections, and settings.

On this page

Getting an API KeyUsing Your API KeyKey FormatKey TypesDraft Only KeysWorkspace ScopingRequirementsKey ManagementSecurity Best Practices