Authentication
All API requests must include a valid API key in the Authorization header.
Creating an API key
- Go to Settings → API Keys in the PromptDeploy dashboard
- Click Create API key
- Give it a name (e.g. "Production backend", "Staging")
- Copy the key immediately — it's only shown once
API keys look like this:
pd_live_a1b2c3d4e5f6...
The pd_live_ prefix is always visible in the dashboard for identification. The full key is only shown at creation time.
Using your API key
Include the key as a Bearer token in the Authorization header:
curl -H "Authorization: Bearer pd_live_a1b2c3d4e5f6..." \
https://promptdeploy.com/api/v1/prompts/pmt_abc123/history
Ruby
require "net/http"
require "json"
uri = URI("https://promptdeploy.com/api/v1/prompts/pmt_abc123/history")
req = Net::HTTP::Get.new(uri)
req["Authorization"] = "Bearer #{ENV['PROMPTDEPLOY_API_KEY']}"
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(req) }
data = JSON.parse(res.body)
Python
import requests
headers = {"Authorization": f"Bearer {os.environ['PROMPTDEPLOY_API_KEY']}"}
response = requests.get(
"https://promptdeploy.com/api/v1/prompts/pmt_abc123/history",
headers=headers,
)
data = response.json()
JavaScript
const response = await fetch(
"https://promptdeploy.com/api/v1/prompts/pmt_abc123/history",
{
headers: {
Authorization: `Bearer ${process.env.PROMPTDEPLOY_API_KEY}`,
},
}
);
const data = await response.json();
Key security
- Store API keys in environment variables, never in source code
- Each key is scoped to a single organisation
- Keys can be revoked at any time from the API Keys page
- Revoked keys return
401 Unauthorizedimmediately - The
last_used_attimestamp is updated on each request, so you can audit usage
Unauthenticated requests
Requests without a valid API key receive a 401 response:
{
"error": {
"code": "unauthorized",
"message": "Invalid or missing API key"
}
}