Poomi

Authentication

How to authenticate your API requests to Poomi

All Poomi API requests require authentication via an API key passed in the Authorization header.

Authentication Method

Include your API key in the Authorization header using the Bearer scheme:

curl https://www.poomi.pet/api/v1/{endpoint} \
  -H "Authorization: Bearer pk_your_api_key_here"

API Key Format

pk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Keys use the pk_ prefix followed by a 32-character NanoID.

Authentication Errors

HTTP StatusError CodeDescription
401UNAUTHORIZEDMissing or invalid Authorization header
401INVALID_KEYThe API key does not exist
403KEY_DISABLEDThe API key has been disabled
403KEY_REVOKEDThe API key has been revoked
403KEY_EXPIREDThe API key has expired

Example Error Response

{
  "success": false,
  "error": {
    "code": "INVALID_KEY",
    "message": "Invalid API key"
  }
}

Security Recommendations

  • Use environment variables — Never hardcode API keys in source code
  • Server-side only — Make API calls from your backend, never expose keys in client-side code
  • Separate environments — Use different keys for development and production
  • Revoke compromised keys — If a key is exposed, revoke it immediately in the Developer Console

First API Call

Make your first API call to the Poomi platform

Billing

How billing and credits work on the Poomi platform

On this page

Authentication MethodAPI Key FormatAuthentication ErrorsExample Error ResponseSecurity Recommendations