API Keys
Every request requires a Bearer token in theAuthorization header:
- Start with
pk_ - Are 36 characters long (
pk_+ 32 hex) - Never expire, but can be revoked anytime in the dashboard
- Are tied to an “app” (environment) within your organization
Getting an API key
Options:- Dashboard (human) — prompt-wall.com/dashboard
- Signup API (programmatic) —
POST /signup - Admin CLI (for provisioning customers) —
provision_customer.py
Revoking
Dashboard → Apps → your app → Revoke button. Revoked keys return401.
JWT tokens (browser / frontend)
The dashboard uses short-lived JWT tokens issued by/auth/login. Not
recommended for backend integrations — use API keys instead.