Authentication
All API requests require authentication via an API key. Keys are passed in the Authorization header.
Getting an API Key
Section titled “Getting an API Key”- Create an account at pulls.app
- Navigate to Settings → API Keys
- Click Create API Key
- Copy your key immediately - it won’t be shown again
Using Your API Key
Section titled “Using Your API Key”Include the key in the Authorization header with a Bearer prefix:
curl -H "Authorization: Bearer pk_live_abc123..." \ https://api.pulls.app/v1/cardsimport { PullsAPI } from '@pulls/sdk'
const pulls = new PullsAPI({ apiKey: process.env.PULLS_API_KEY})
const cards = await pulls.cards.list()import osfrom pulls import PullsAPI
pulls = PullsAPI(api_key=os.environ["PULLS_API_KEY"])cards = pulls.cards.list()Key Types
Section titled “Key Types”| Type | Prefix | Use Case |
|---|---|---|
| Live | pk_live_ | Production applications |
| Test | pk_test_ | Development and testing |
Test keys have the same rate limits as your plan but don’t affect usage quotas.
Key Permissions
Section titled “Key Permissions”API keys have full read access to all public endpoints. Write operations (creating listings, managing collections) require additional scopes.
| Scope | Description |
|---|---|
read | Default. Access cards, sets, prices. |
collections:write | Manage user collections |
marketplace:write | Create/manage listings |
Rotating Keys
Section titled “Rotating Keys”To rotate a key:
- Create a new key
- Update your applications
- Delete the old key
Keys can be deleted at any time from your dashboard.
Error Responses
Section titled “Error Responses”Invalid or missing authentication returns a 401 Unauthorized:
{ "_tag": "Unauthorized", "message": "Invalid or missing API key"}Expired or revoked keys also return 401.