API Keys
API keys provide programmatic access to the Pulse GTD API. Keys use the pgtd_ prefix and are hashed (SHA-256) before storage. The full key is only returned once at creation time.
Use API keys by including them as a Bearer token in the Authorization header:
```
Authorization: Bearer pgtd_your_api_key_here
```
GET /api/v1/api-keys
List all API keys for the authenticated user. The full key value is never returned after creation.
Response
```json
[
  {
    "id": "clxk1a2b3...",
    "name": "MCP Server",
    "keyPrefix": "pgtd_abc1",
    "lastUsedAt": "2026-03-22T14:30:00.000Z",
    "createdAt": "2026-02-01T10:00:00.000Z"
  }
]
```
Response Fields
| Field | Type | Description |
|---|---|---|
| id | string | Unique key identifier |
| name | string | Human-readable name for the key |
| keyPrefix | string | First few characters of the key for identification |
| lastUsedAt | string | Timestamp of the last API call using this key |
| createdAt | string | Timestamp when the key was created |
POST /api/v1/api-keys
Create a new API key. The full key is returned in the response and cannot be retrieved again.
Request Body
```json
{
  "name": "MCP Server"
}
```
Fields
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | A descriptive name for the API key |
Response
```json
{
  "id": "clxk4d5e6...",
  "name": "MCP Server",
  "key": "pgtd_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
  "keyPrefix": "pgtd_a1b2",
  "createdAt": "2026-03-22T10:00:00.000Z"
}
```
The key field contains the full API key. Store it securely -- it will not be shown again.
DELETE /api/v1/api-keys/:id
Revoke an API key. Any requests using this key will immediately stop working.
Response
```json
{
  "success": true
}
```
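The key lifecycle described on this page (hash before storage, full key shown once, lookup by Bearer token, immediate revocation) can be sketched as follows. This is an added example, not Pulse GTD's own code: the `KeyStore` class, its in-memory table, the `keyHash` column, the random id and the 32-hex-character key body are all assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

PREFIX = "pgtd_"  # key prefix stated on this page


def _now():
    return datetime.now(timezone.utc).isoformat()


def _digest(key):
    # Unsalted SHA-256 is adequate only because the key is long and random.
    return hashlib.sha256(key.encode()).hexdigest()


class KeyStore:
    """In-memory stand-in for a key table (hypothetical schema)."""
    def __init__(self):
        self._rows = {}  # id -> stored row; the plaintext key is never kept

    @staticmethod
    def _public(row):
        return {k: v for k, v in row.items() if k != "keyHash"}

    def create(self, name):
        key = PREFIX + secrets.token_hex(16)  # assumed format: 32 random hex chars
        row = {"id": secrets.token_hex(8), "name": name, "keyHash": _digest(key),
               "keyPrefix": key[:9], "lastUsedAt": None, "createdAt": _now()}
        self._rows[row["id"]] = row
        return {**self._public(row), "key": key}  # only time the full key exists

    def list(self):
        return [self._public(r) for r in self._rows.values()]

    def revoke(self, key_id):
        return {"success": self._rows.pop(key_id, None) is not None}

    def authenticate(self, authorization):
        scheme, _, token = authorization.partition(" ")
        if scheme != "Bearer" or not token.startswith(PREFIX):
            return None
        presented = _digest(token)
        for row in self._rows.values():
            if hmac.compare_digest(row["keyHash"], presented):
                row["lastUsedAt"] = _now()
                return row["id"]
        return None
```

Because only the digest is stored, a leaked key table does not yield usable keys, and a lost key cannot be recovered, only revoked and replaced.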