Skip to main content
Every v2 endpoint requires a bearer token. v1 keys (pl_v1_*) do not work - they’re managed by a separate system and the secrets aren’t recoverable. Mint a fresh v2 key.

Mint a key

  1. Open Settings → Integrations → API.
  2. Click Create API key.
  3. Pick a preset:
    • Full access - every scope. Equivalent to a v1 key.
    • Custom - check only the scopes you need.
  4. Copy the secret. It’s shown once and never again. If you lose it, revoke and mint a new one.
v2 keys are prefixed pl_v2_. The dashboard shows the first four characters after the prefix as a preview so you can distinguish keys without revealing the secret.

Use the key

Set the Authorization header on every request:
The workspace id is inferred from the key - you never pass it in the URL.

Scopes

Keys can be locked down to specific resources. The available scopes are:
admin is required for member management and webhook management. If a request hits an endpoint your key doesn’t have the scope for, we return 403 scope_required:
The details payload tells you exactly which scope to add. Edit the key in the dashboard and either widen the existing key’s scopes or mint a new, narrower one.

Verify a key

GET /me confirms the key is valid and tells you which workspace and scopes it carries:

Common auth errors

Rotate a key

  1. Mint a new key with the same scopes.
  2. Deploy it.
  3. Once traffic has moved over, revoke the old key in the dashboard.
There’s no atomic “rotate” endpoint - a brief overlap is the safe way to do it.