Authentication
Send your API key in either header on every request. Keys are minted in the dashboard and shown once.
The API is available to paying accounts — an active subscription or at least one completed credit-pack purchase. Free accounts can browse the dashboard, but /v1 calls return 403 until a payment is on file.
Send the key
auth header
-H "Authorization: Bearer pb_live_xxx"
# or
-H "x-api-key: pb_live_xxx"headers = {"Authorization": f"Bearer {API_KEY}"}const headers = { Authorization: `Bearer ${apiKey}` };Rotating a key
- Create a new key first — do not break running integrations.
- Update your services to use it.
- Revoke the old key from the dashboard.
Keep keys server-side A leaked
pb_live_ key can spend your whole balance. Store it in a secret manager — never ship it to a browser or commit it.