Authentication
How to authenticate with the Playgun API
Authentication
The Playgun API uses API keys for authentication. All requests must include a valid API key in the Authorization header.
Creating an API Key
- Open Parable and navigate to Settings
- Click on API Keys
- Click Create New Key
- Give your key a descriptive name (e.g., "My Blog API")
- Copy the key - you won't be able to see it again!
Using Your API Key
Include your API key in the Authorization header using the Bearer scheme:
curl -H "Authorization: Bearer pk_live_your_api_key" \
https://aware-squirrel-935.convex.site/api/v1/parable/articlesKey Format
API keys follow this format:
pk_live_xxxxxxxxxxxxxxxxxxxxpk_- Key type prefixlive_- Environment (live for production)xxxx...- Random unique identifier
Security Best Practices
- Never expose keys in client-side code - API keys should only be used in server-side code
- Use environment variables - Store keys in
.envfiles, never commit them to version control - Rotate keys regularly - Create new keys and revoke old ones periodically
- Use separate keys per environment - Have different keys for development and production
Error Responses
Missing Authorization Header
{
"error": "Missing or invalid Authorization header. Expected: Bearer <api_key>"
}Invalid API Key Format
{
"error": "Invalid API key format"
}Invalid or Expired Key
{
"error": "Invalid or expired API key"
}Rate Limiting
Currently, there are no strict rate limits on the API. However, we reserve the right to implement limits to ensure fair usage.
Permissions
API keys can be scoped to specific products and permissions:
| Permission | Description |
|---|---|
read:articles | Read published articles from Parable |
When creating an API key, you can select which permissions to grant.