Get started

Authentication

Every request authenticates with a secret API key in the Authorization header. Keys look like sk_live_… and carry full access to your account — treat them like a password.

Authenticate a request

curl https://api.postlake.dev/v1/me \
  -H "Authorization: Bearer sk_live_YOUR_KEY"

Creating & revoking keys

Keys are server-side only

PostLake keys are secret server-side keys (prefix sk_live_). There's no separate "publishable" key — every endpoint is server-to-server, so never embed a key in a browser, mobile app, or public repo.

Agents connect differently. If you're connecting an AI agent over MCP, it authenticates via OAuth — no API key is pasted into the chat. See MCP server.