Authentication
Every request is authenticated with a PosteAhora API key, scoped to exactly what the integration needs.
API keys
Create keys in the app under API. A key is shown once — store it like a password. Keys look like pah_live_… (production) or pah_test_… (sandbox). Creating keys requires an Essentials plan or higher.
header
Authorization: Bearer pah_live_xxxxxxxxxxxxxxxxSend it on every request. A missing or invalid key returns 401.
Scopes
Each key carries a set of scopes. A call missing the required scope returns 403 — grant only what the integration needs.
ideas:readList ideasideas:writeCreate / update / delete ideasposts:readList and read postsposts:writeCreate / update / delete / publish postsanalytics:readRead post analyticsaccounts:readList connected social accountsmedia:writeRequest presigned media upload URLsErrors & rate limits
Errors have the shape { "error": "message" }. Rate limiting is per key (429 when exceeded); your account’s monthly post quota still applies to publishing.
400Invalid request (bad body, bad scheduledAt, unknown status, …)401Missing or invalid API key403Key lacks the required scope404Resource not found (or not owned by the key’s user)429Rate limit exceeded5xxServer error