Authentication

All PostBoost API requests are authenticated with a Bearer token.

Generating a token

Log in to your PostBoost dashboard
Go to Settings → Access Tokens
Click Create Token, enter a name, and copy the token

warning

Tokens are shown only once. Store them securely — treat them like passwords.

Using the token

Include the token in the Authorization header of every request:

Authorization: Bearer YOUR_API_TOKEN

Example:

curl https://postboost.co/app/api/{workspaceUuid}/posts \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Token scopes

PostBoost tokens grant access to the workspace(s) associated with your account. A single token can be used for all workspace-scoped endpoints. Admin panel endpoints (/panel/*) require the token to belong to an admin user.

Revoking tokens

Revoke tokens any time in Settings → Access Tokens by deleting them. Revoked tokens are immediately invalidated.

Environment variables

Never hard-code tokens in source code. Use environment variables:

# .env
POSTBOOST_API_TOKEN=your_token_here

import os
token = os.environ["POSTBOOST_API_TOKEN"]

const token = process.env.POSTBOOST_API_TOKEN;

Error responses

Code	Meaning
`401 Unauthenticated`	Token is missing or invalid
`403 Forbidden`	Token is valid but lacks permission for this resource

See Error Handling for full details.

Generating a token​

Using the token​

Token scopes​

Revoking tokens​

Environment variables​

Error responses​