API keys quickstart
PromptEden API keys let server-side agents and internal tools call the v1 REST API and hosted MCP. Keys are scoped, start with `pe_`, are shown once at creation time, and can be passed in either the Authorization bearer header or X-API-Key header.
Prerequisites
You need:
- A PromptEden workspace with API access.
- Owner or admin access to create keys.
- A key scope set that matches the routes you plan to call.
Supported scopes are:
account:read
monitors:read
monitors:write
results:read
projects:read
projects:write
content:read
content:write
Create a key
PromptEden API keys start with pe_ followed by 32 hexadecimal characters. The raw key is shown once and cannot be retrieved later.
You can create a key in PromptEden, or use the session-authenticated API key route as a signed-in owner/admin:
curl -X POST https://app.prompteden.com/api/v1/keys \
-H 'Content-Type: application/json' \
--data '{
"name": "Claude Code",
"scopes": ["account:read", "projects:read", "monitors:read", "results:read", "content:read"]
}'
Store the returned key securely. PromptEden returns it only once.
First request: list monitors
Use the key as a bearer token:
curl https://app.prompteden.com/api/v1/monitors \
-H "Authorization: Bearer pe_..."
You can also use X-API-Key:
curl https://app.prompteden.com/api/v1/monitors \
-H "X-API-Key: pe_..."
GET /api/v1/monitors requires monitors:read and returns:
{
"monitors": []
}
An empty array means the key works and the workspace has no monitors yet.
Common REST endpoints
The v1 API route catalog includes:
GET /api/v1/account
GET /api/v1/projects
POST /api/v1/projects
GET /api/v1/monitors
POST /api/v1/monitors
GET /api/v1/monitors/:monitorId/results
GET /api/v1/monitoring/providers
GET /api/v1/content/topics
POST /api/v1/content/topics
PATCH /api/v1/content/topics/:topicId
GET /api/v1/content/articles
POST /api/v1/content/articles
GET /api/v1/content/articles/:articleId
PATCH /api/v1/content/articles/:articleId
POST /api/v1/content/articles/:articleId/publish
GET /api/v1/displacement-scan/preview
POST /api/v1/displacement-scan/preview
GET /api/v1/agent/status
Use idempotency keys on state-creating writes when your agent may retry.
API keys with hosted MCP
The same pe_ key can authenticate hosted MCP:
{
"mcpServers": {
"prompteden": {
"url": "https://app.prompteden.com/api/mcp",
"headers": {
"Authorization": "Bearer pe_..."
}
}
}
}
For read tools, the result returns directly. For hosted MCP write tools, PromptEden returns approval_required with a browser deep link and an approval ID for check_approval.
Troubleshooting
401 unauthorized. No API key was found. Pass Authorization: Bearer <key> or X-API-Key.
401 invalid_api_key. The key is invalid, revoked, malformed, or expired.
403 plan_limit. API access is not included in the current workspace plan.
403 insufficient_scope. The key is valid but missing the scope required by that route. For example, monitor listing requires monitors:read.
403 oauth_write_not_allowed. You used an OAuth connector token on a raw REST write route. Use hosted MCP for approval-gated writes.
429 rate_limit_exceeded. The key exceeded its per-minute request limit. Retry after the Retry-After header value.