
Authentication

Learn how to authenticate with Postpone's GraphQL API using personal API keys.

Postpone uses personal API keys to authenticate requests against the GraphQL API. This guide covers how to obtain your API key, how to use it in requests, and best practices for API authentication.

Getting Your API Key

To access Postpone's API, you'll need to generate a personal API key from your account settings.

Step-by-step instructions:

  1. Log into your Postpone account at postpone.app
  2. Navigate to Settings > Integrations > Postpone API from the main navigation
  3. Create an API Key. Give it a name and optionally an expiration date.
  4. Copy the new API key.

Keep your API Key secure and never share it publicly. Anyone with your key can access your Postpone account via the API.

Using Your API Key

API Keys must be included in the Authorization header of every request to Postpone's API. Use the Bearer authentication scheme with your key.

Header format:

Authorization: Bearer YOUR-API-KEY

Complete request example:

curl --request POST \
  --url https://api.postpone.app/gql \
  --header 'Authorization: Bearer YOUR-API-KEY' \
  --header 'Content-Type: application/json' \
  --data '{
    "query": "query profile { profile { id username email } }"
  }'

Authentication Examples

const response = await fetch('https://api.postpone.app/gql', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR-API-KEY',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    query: `
      query profile {
        profile {
          id
          username
          email
        }
      }
    `
  })
});

const data = await response.json();

API Key Security Best Practices

Environment Variables

Store your API Key in environment variables rather than hardcoding it in your application:

# .env file
POSTPONE_API_KEY=your-api-key-here

// In your application
const apiKey = process.env.POSTPONE_API_KEY;

Key Rotation

Regularly rotate your API Keys for enhanced security:

  1. Generate a new key in your Settings
  2. Update your applications to use the new key
  3. Test that everything works with the new key
  4. The old key will be automatically invalidated when you generate a new one

Troubleshooting Authentication

Common authentication errors:

401 Unauthorized

  • Your API Key is missing, invalid, or expired
  • Make sure you're including the Bearer prefix in the Authorization header

403 Forbidden

  • Your account doesn't have access to the API
  • The key may belong to a different account

Invalid key format

  • Ensure you're using Bearer YOUR-API-KEY format
  • Check for extra spaces or characters in your key

Testing your authentication:

Use this simple query to test if your authentication is working:

curl --request POST \
  --url https://api.postpone.app/gql \
  --header 'Authorization: Bearer YOUR-API-KEY' \
  --header 'Content-Type: application/json' \
  --data '{"query": "query { profile { username } }"}'

A successful response will return your username:

{
  "data": {
    "profile": {
      "username": "your-username"
    }
  }
}
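
The checks from this guide combined into one pre-flight helper, as an added example that is not Postpone's own code: it cleans the key read from the environment, builds the Bearer header, and turns 401/403 into the causes listed above. The function names are hypothetical, and the rule that keys contain no whitespace or quote characters is an assumption.

```javascript
// Added example: normalizeApiKey, authHeaders, explainStatus and checkAuth
// are hypothetical helpers, not part of Postpone's API.
const ENDPOINT = 'https://api.postpone.app/gql'; // URL from this guide

// Clean a raw key from the environment and reject the mistakes listed in
// the troubleshooting section before any request is sent.
function normalizeApiKey(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error('POSTPONE_API_KEY is not set');
  }
  let key = raw.trim();                   // stray spaces/newlines from .env
  key = key.replace(/^Bearer\s+/i, '');   // avoid sending "Bearer Bearer <key>"
  if (/[\s"']/.test(key)) {               // assumption: keys have none of these
    throw new Error('API key contains whitespace or quote characters');
  }
  return key;
}

function authHeaders(rawKey) {
  return {
    Authorization: `Bearer ${normalizeApiKey(rawKey)}`,
    'Content-Type': 'application/json',
  };
}

// Map the HTTP statuses documented above to an actionable message.
function explainStatus(status) {
  if (status === 401) return 'API key is missing, invalid, or expired; check the Bearer prefix';
  if (status === 403) return 'Account lacks API access, or the key belongs to a different account';
  return null;
}

// fetchImpl is injectable so the check can be exercised without the network.
async function checkAuth(rawKey, fetchImpl = fetch) {
  const res = await fetchImpl(ENDPOINT, {
    method: 'POST',
    headers: authHeaders(rawKey),
    body: JSON.stringify({ query: 'query { profile { username } }' }),
  });
  const reason = explainStatus(res.status);
  if (reason) throw new Error(`${res.status}: ${reason}`); // message never includes the key
  const { data, errors } = await res.json();
  if (errors || !data || !data.profile) throw new Error('GraphQL error in response');
  return data.profile.username;
}
```

Call it as `checkAuth(process.env.POSTPONE_API_KEY)` at startup so a bad or expired key fails fast with a cause instead of surfacing later as an opaque request error.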