Authentication

Every request is authenticated with a PosteAhora API key, scoped to exactly what the integration needs.

API keys

Create keys in the app under API. A key is shown once — store it like a password. Keys look like pah_live_… (production) or pah_test_… (sandbox). Creating keys requires an Essentials plan or higher.

header
Authorization: Bearer pah_live_xxxxxxxxxxxxxxxx

Send it on every request. A missing or invalid key returns 401.

Scopes

Each key carries a set of scopes. A call missing the required scope returns 403 — grant only what the integration needs.

ideas:readList ideas
ideas:writeCreate / update / delete ideas
posts:readList and read posts
posts:writeCreate / update / delete / publish posts
analytics:readRead post analytics
accounts:readList connected social accounts
media:writeRequest presigned media upload URLs

Errors & rate limits

Errors have the shape { "error": "message" }. Rate limiting is per key (429 when exceeded); your account’s monthly post quota still applies to publishing.

400Invalid request (bad body, bad scheduledAt, unknown status, …)
401Missing or invalid API key
403Key lacks the required scope
404Resource not found (or not owned by the key’s user)
429Rate limit exceeded
5xxServer error