P
Postscale
Sign Up
← Back to docs

Authentication

Authentication

Part of the Getting Started flow. The Postscale API uses API keys for authentication. Include your API key in the Authorization header of every request.

Getting Your API Key

  1. Log in to the Postscale Dashboard
  2. Navigate to SettingsAPI Keys
  3. Click Create API Key
  4. Give your key a descriptive name (e.g., "Production Backend")
  5. Copy the key immediately — it won't be shown again

Using Your API Key

Include your API key in the Authorization header with the Bearer prefix:

curl -X GET https://api.postscale.io/v1/emails \
  -H "Authorization: Bearer ps_live_abc123xyz"

API Key Types

Postscale provides two types of API keys:

TypePrefixPurpose
Liveps_live_Production use, sends real emails
Testps_test_Development/testing, emails are not delivered

Test keys allow you to develop and test your integration without sending actual emails or affecting your quotas.

HTTP Authentication

Every API request uses the same bearer-token header:

Authorization: Bearer ps_live_your_api_key

For JSON requests, also include:

Content-Type: application/json

Example send request:

curl -X POST https://api.postscale.io/v1/send \
  -H "Authorization: Bearer ps_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "from": "hello@yourapp.com",
    "to": ["user@example.com"],
    "subject": "Welcome",
    "html_body": "<p>Hello</p>"
  }'

Security Best Practices

Never expose your API key

API keys grant full access to your account. Never commit them to version control or expose them in client-side code.

Recommended Practices

  1. Use environment variables: Store API keys in environment variables, not in code
  2. Rotate keys regularly: Create new keys and deprecate old ones periodically
  3. Use separate keys: Use different keys for development, staging, and production
  4. Limit permissions: Create scoped keys when available (coming soon)
  5. Monitor usage: Check the dashboard regularly for unexpected activity

Environment Variables Example

# .env file (never commit this!)
POSTSCALE_API_KEY=ps_live_abc123xyz

// Load from environment
const apiKey = process.env.POSTSCALE_API_KEY;

Rate Limits

API requests are rate-limited based on your plan:

PlanRequests/Second
Starter10
Growth100
Scale1,000
EnterpriseCustom

Exceeding rate limits returns a 429 Too Many Requests response. Implement exponential backoff in your integration.

Revoking Keys

To revoke an API key:

  1. Go to SettingsAPI Keys in the dashboard
  2. Find the key you want to revoke
  3. Click the Revoke button
  4. Confirm the action

Revoked keys immediately stop working. Update your applications before revoking active keys.