Authentication flow
The following diagram illustrates the basic authentication flow when making a request to the Posta API:
This process ensures that only authenticated clients can access the Posta API.
Your API keys
Your Posta account comes with pre-generated API keys. To view or manage them:
- Log in to your Posta Dashboard
- Click on your avatar in the top right corner
- Select Developers from the dropdown menu
- Navigate to the API Keys tab
Store your API keys securely. Do not share them or expose them in publicly accessible areas such as GitHub repositories or client-side code.
Using your API key
Include your API key in the X-Api-Key header with every API request:
Authentication examples
Here’s an example of how to include your API key in a cURL request:
API key types
Posta provides two types of API keys:
- Test keys: Used for testing and development. These start with sk_test_.
- Live keys: Used for production. These start with sk_.
Best practices
- Rotate keys regularly: Generate new API keys periodically and update your applications.
- Store your keys securely: Keep your API key in a secrets manager such as AWS Secrets Manager or Azure Key Vault.
- Implement access controls: Restrict API key access to only the necessary personnel and systems.
Troubleshooting
If you encounter authentication issues, consider the following:
- Ensure you’re using the correct API key for your environment (test or live).
- Check that the API key is correctly formatted in the X-Api-Key header.
- Verify that your API key hasn’t expired or been revoked.
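The first two checks above can be enforced before any request is sent. The following shell wrapper is an added example, not Posta's own code; the variables POSTA_API_KEY, POSTA_ENV and POSTA_BASE_URL and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Posta's code. POSTA_API_KEY, POSTA_ENV, POSTA_BASE_URL
# and the function names are assumptions made for this illustration.

# Classify a key by the documented prefixes. sk_test_ is matched before sk_
# because every test key also starts with sk_.
posta_key_type() {
  case "$1" in
    *[[:space:]\"\\]*) echo invalid ;;  # stray whitespace, CR or quoting from a paste
    sk_test_?*)        echo test ;;
    sk_test_)          echo invalid ;;  # prefix with no key material
    sk_?*)             echo live ;;
    *)                 echo invalid ;;
  esac
}

# Refuse to continue when the key type does not match the target environment.
posta_check_key() {
  kind=$(posta_key_type "${POSTA_API_KEY:-}")
  target=${POSTA_ENV:-test}
  if [ "$kind" = invalid ]; then
    echo "POSTA_API_KEY is unset or malformed" >&2
    return 2
  fi
  if [ "$kind" != "$target" ]; then
    # Report only the key type, never the key itself.
    echo "refusing to use a $kind key with POSTA_ENV=$target" >&2
    return 1
  fi
}

# Send a GET request. The header reaches curl through --config on stdin, so the
# key does not appear in the process list or in shell history.
posta_get() {
  posta_check_key || return
  [ -n "${POSTA_BASE_URL:-}" ] || { echo "set POSTA_BASE_URL" >&2; return 2; }
  printf 'header = "X-Api-Key: %s"\n' "$POSTA_API_KEY" |
    curl --silent --show-error --fail --config - "$POSTA_BASE_URL$1"
}
```

Source the file and populate POSTA_API_KEY from your secrets manager at run time rather than writing the key into the script or a committed file.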