Authentication
Secure your API requests with Posta
Posta uses API keys to authenticate requests. You must include an API key in every request you make to our API. This section guides you through the process of obtaining and using API keys securely.
Authentication flow
The following diagram illustrates the basic authentication flow when making a request to the Posta API:
This process ensures that only authenticated clients can access the Posta API.
Your API keys
Your Posta account comes with pre-generated API keys. To view or manage them:
- Log in to your Posta Dashboard
- Click on your avatar in the top right corner
- Select Developers from the dropdown menu
- Navigate to the API Keys tab
Here you can view your existing API keys and rotate them if needed.
Store your API keys securely. Do not share them or expose them in publicly accessible areas such as GitHub repositories or client-side code.
Using your API key
Include your API key in the X-Api-Key header with every API request:
Authentication examples
Here’s an example of how to include your API key in a cURL request:
API key types
Posta provides two types of API keys:
- Test keys: Used for testing and development. These start with sk_test_.
- Live keys: Used for production. These start with sk_.
Ensure you use the appropriate key for your environment.
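The sketch below is an added example, not Posta's own code. It reads the key from an environment variable, refuses a key whose prefix does not match the deployment environment, and builds the X-Api-Key header. The variable name POSTA_API_KEY, the environment names and the sample key are assumptions.

```python
import os

HEADER_NAME = "X-Api-Key"   # header name given on this page
TEST_PREFIX = "sk_test_"    # test-key prefix given on this page
LIVE_PREFIX = "sk_"         # live-key prefix given on this page


def key_type(api_key: str) -> str:
    """Return "test" or "live" from the documented prefixes."""
    key = api_key.strip()
    # Test the longer prefix first: every test key also starts with "sk_".
    if key.startswith(TEST_PREFIX):
        kind, body = "test", key[len(TEST_PREFIX):]
    elif key.startswith(LIVE_PREFIX):
        kind, body = "live", key[len(LIVE_PREFIX):]
    else:
        kind, body = "", ""
    if not body:
        raise ValueError("value does not look like a Posta API key")
    return kind


def redact(api_key: str) -> str:
    """Keep only the prefix so logs and error messages never hold the secret."""
    return (TEST_PREFIX if key_type(api_key) == "test" else LIVE_PREFIX) + "****"


def auth_headers(environment: str, env_var: str = "POSTA_API_KEY") -> dict:
    """Build request headers, refusing a key that does not fit the environment.

    Assumptions: "production" needs a live key and every other environment a
    test key; env_var is a hypothetical name populated from your secret store.
    """
    api_key = os.environ.get(env_var, "").strip()
    if not api_key:
        raise RuntimeError(f"{env_var} is not set")
    expected = "live" if environment == "production" else "test"
    actual = key_type(api_key)
    if actual != expected:
        raise RuntimeError(
            f"{environment} needs a {expected} key, got {actual} key {redact(api_key)}"
        )
    return {HEADER_NAME: api_key}


if __name__ == "__main__":
    os.environ["POSTA_API_KEY"] = "sk_test_constructedSample123"  # constructed sample
    print(list(auth_headers("development")))  # header names only, never the key
```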
Best practices
- Rotate keys regularly: Generate new API keys periodically and update your applications.
- Store your keys securely: Store your API key in secure storage such as AWS Secrets Manager or Azure Key Vault.
- Implement access controls: Restrict API key access to only the necessary personnel and systems.
Troubleshooting
If you encounter authentication issues, consider the following:
- Ensure you’re using the correct API key for your environment (test or live).
- Check that the API key is correctly formatted in the X-Api-Key header.
- Verify that your API key hasn’t expired or been revoked.
If problems persist, contact our support team for assistance.