Authentication
Authentication
Part of the Getting Started flow. The Postscale API uses API keys for authentication. Include your API key in the Authorization header of every request.
Getting Your API Key
- Log in to the Postscale Dashboard
- Navigate to Settings → API Keys
- Click Create API Key
- Give your key a descriptive name (e.g., "Production Backend")
- Copy the key immediately — it won't be shown again
Using Your API Key
Include your API key in the Authorization header with the Bearer prefix:
curl -X GET https://api.postscale.io/v1/emails \
-H "Authorization: Bearer ps_live_abc123xyz"
API Key Types
Postscale provides two types of API keys:
| Type | Prefix | Purpose |
|---|---|---|
| Live | ps_live_ | Production use, sends real emails |
| Test | ps_test_ | Development/testing, emails are not delivered |
Test keys allow you to develop and test your integration without sending actual emails or affecting your quotas.
SDK Authentication
Node.js
import { Postscale } from '@postscale/sdk';
const postscale = new Postscale('ps_live_your_api_key');
// All subsequent calls are authenticated
await postscale.emails.send({ ... });
Python
from postscale import Postscale
client = Postscale(api_key='ps_live_your_api_key')
# All subsequent calls are authenticated
client.emails.send(...)
Go
import "github.com/postscale/postscale-go"
client := postscale.NewClient("ps_live_your_api_key")
// All subsequent calls are authenticated
client.Emails.Send(ctx, &postscale.SendEmailParams{...})
Security Best Practices
API keys grant full access to your account. Never commit them to version control or expose them in client-side code.
Recommended Practices
- Use environment variables: Store API keys in environment variables, not in code
- Rotate keys regularly: Create new keys and deprecate old ones periodically
- Use separate keys: Use different keys for development, staging, and production
- Limit permissions: Create scoped keys when available (coming soon)
- Monitor usage: Check the dashboard regularly for unexpected activity
Environment Variables Example
# .env file (never commit this!)
POSTSCALE_API_KEY=ps_live_abc123xyz
// Load from environment
const postscale = new Postscale(process.env.POSTSCALE_API_KEY);
Rate Limits
API requests are rate-limited based on your plan:
| Plan | Requests/Second |
|---|---|
| Starter | 10 |
| Growth | 100 |
| Scale | 1,000 |
| Enterprise | Custom |
Exceeding rate limits returns a 429 Too Many Requests response. Implement exponential backoff in your integration.
Revoking Keys
To revoke an API key:
- Go to Settings → API Keys in the dashboard
- Find the key you want to revoke
- Click the Revoke button
- Confirm the action
Revoked keys immediately stop working. Update your applications before revoking active keys.