
API Key Authentication

Postiz uses API key authentication for all public API requests. Include your API key in the Authorization header of every request.

Getting Your API Key

  1. Log in to your Postiz dashboard
  2. Navigate to Settings > API Keys
  3. Click Generate New API Key
  4. Copy your API key and store it securely
Keep your API key secret! It provides full access to your account. Never commit it to version control or share it publicly.

Using Your API Key

Include the API key in the Authorization header:
curl https://api.postiz.com/public/v1/integrations \
  -H "Authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json"

OAuth Tokens

Postiz also supports OAuth 2.0 tokens for API authentication. OAuth tokens start with the prefix pos_. When using an OAuth token, include it in the Authorization header the same way as an API key:
curl https://api.postiz.com/public/v1/integrations \
  -H "Authorization: pos_YOUR_OAUTH_TOKEN"

Environment Variables

For security best practices, store your API key as an environment variable:
# Set the environment variable
export POSTIZ_API_KEY="your_api_key_here"

# Use with cURL
curl https://api.postiz.com/public/v1/integrations \
  -H "Authorization: $POSTIZ_API_KEY"

Self-Hosted Instances

If you’re using a self-hosted Postiz instance, you can specify a custom API URL:
// Node.js SDK (npm package @postiz/node)
import Postiz from '@postiz/node';

const postiz = new Postiz(
  'YOUR_API_KEY',
  'https://your-domain.com'  // Custom API URL
);

Authentication Errors

401 Unauthorized

You’ll receive a 401 status code if:
  • No API key is provided
  • The API key is invalid
  • The API key has been revoked
{
  "msg": "Invalid API key"
}

Missing Subscription

For cloud instances with Stripe enabled, you must have an active subscription:
{
  "msg": "No subscription found"
}
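
The environment-variable and error-handling sections above, combined into one wrapper as an added example (not Postiz's own code; the function names and the POSTIZ_API_URL variable are assumptions). It hands the key to curl on stdin with -H @- so the key stays out of the process argument list that other local users can read with ps, and it maps the documented error bodies to distinct exit codes.

```sh
# Added example, not Postiz code. Function names and POSTIZ_API_URL are hypothetical.
POSTIZ_API_URL="${POSTIZ_API_URL:-https://api.postiz.com/public/v1}"
nl='
'
cr=$(printf '\r')

# Fail closed on a missing key; reject CR/LF so the value cannot add header lines.
postiz_check_key() {
  if [ -z "${POSTIZ_API_KEY:-}" ]; then
    echo "POSTIZ_API_KEY is not set" >&2; return 2
  fi
  case $POSTIZ_API_KEY in
    *"$nl"*|*"$cr"*) echo "POSTIZ_API_KEY contains a line break" >&2; return 2 ;;
  esac
}

# Map the documented responses to exit codes. $1 = HTTP status, $2 = body.
postiz_classify() {
  case "$1:$2" in
    2??:*) return 0 ;;
    *"No subscription found"*) echo "no active subscription" >&2; return 4 ;;
    401:*) echo "API key missing, invalid or revoked" >&2; return 3 ;;
    *) echo "request failed with HTTP $1" >&2; return 1 ;;
  esac
}

# GET $1 (for example /integrations). printf is a shell builtin, and the key
# reaches curl on stdin via "-H @-" (curl 7.55.0+), never on a command line.
postiz_get() {
  postiz_check_key || return
  resp=$(printf 'Authorization: %s\n' "$POSTIZ_API_KEY" |
    curl -sS -H @- -H 'Content-Type: application/json' \
      -w '\n%{http_code}' "$POSTIZ_API_URL$1") || return 1
  status=${resp##*"$nl"}   # last line is the status appended by -w
  body=${resp%"$nl"*}      # everything before it is the response body
  postiz_classify "$status" "$body" || return
  printf '%s\n' "$body"
}
```

Call it as `postiz_get /integrations` after exporting POSTIZ_API_KEY; exit code 3 means the key should be checked or rotated, 4 means the account has no active subscription.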

Best Practices

Generate new API keys periodically and revoke old ones to minimize security risks.
Never hardcode API keys in your source code. Use environment variables or secure vaults.
If building a multi-tenant application, generate separate API keys for each organization.
Track API usage to detect unauthorized access or unusual patterns.
