Skip to main content

API Key Endpoints

Account management endpoints for API key operations use session-based authentication (browser cookies). They are designed to be called from the Puffle dashboard, not from your backend integration.
If you need to programmatically rotate API keys from your own backend, contact support — we can assist with a service-account flow.

Generate API Key

Creates a new API key for your account. Only one active key is permitted at a time. 
POST /api/v1/partners/api-key
Authentication: Session (browser cookie)

Response — 201 Created

{
  "api_key": "pk_live_abc123...",
  "created_at": "2026-04-20T10:00:00Z"
}
The full API key is returned only once at creation time. Copy it immediately — subsequent GET requests return only the masked form.

Get API Key Info

Returns metadata about the current active API key. 
GET /api/v1/partners/api-key
Authentication: Session (browser cookie)

Response

{
  "key_preview": "pk_live_abc1...",
  "created_at": "2026-04-20T10:00:00Z",
  "last_used_at": "2026-04-20T14:22:00Z"
}

Revoke API Key

Immediately invalidates the current API key. 
DELETE /api/v1/partners/api-key
Authentication: Session (browser cookie) Response: 204 No Content
Revocation is immediate. Any services using the revoked key will receive 401 on their next request. Generate and deploy a new key before revoking the old one to avoid downtime.

Webhook Portal

Returns a short-lived URL for the Svix webhook management portal. Open this URL in a browser to configure webhook endpoints, view delivery logs, and manage signing secrets. 
GET /api/v1/partners/portal
Authentication: Bearer token

Response

{
  "url": "https://app.svix.com/login?token=appPortal.eyJ..."
}
The returned URL expires after 5 minutes. See Webhooks for full webhook setup.