PromptAds Docs

Authentication

Every request to the PromptAds API must be authenticated with your publisher API key. The key is provisioned automatically when you create an account and is scoped to your publisher profile only.

Getting your key

Your API key is available in the Publisher Dashboard immediately after signup. Format: pub_<32 hex chars>.

example

pub_a3f8c2d91e4b5f7a8c9d0e1f2a3b4c5d

Sending the key

Two options, both supported. Pick whichever fits your stack:

Option A — header (recommended):

http header

x-api-key: pub_YOUR_KEY

Option B — body field:

json

{
  "apiKey": "pub_YOUR_KEY",
  "query": "how to invest 1000 dollars"
}

Key rotation

If your key is leaked, rotate it immediately from the Publisher Dashboard, or call the rotation endpoint directly:

http

POST /api/v1/publisher/rotate-key
Content-Type: application/json

{
  "publisherId": "uuid-from-supabase"
}

Warning: Rotating a key invalidates the old one instantly. Any integration still using the old key will start receiving 401 errors.

Security best practices

Never expose your API key in client-side code or commit it to git.
Call the PromptAds API from your backend, then pass the sanitized response to your frontend.
If you suspect exposure, rotate immediately — the old key is killed on rotation.
Rotate at least once per quarter as a hygiene measure.