API Reference
Authentication
Every public UniPost API request uses Bearer authentication with your API key. If the key is missing, malformed, revoked, or from the wrong environment, the request fails before any business logic runs.
How it works
Send your UniPost API key in the Authorization header as Bearer <key>. Keys are workspace-scoped and can be generated from the UniPost dashboard.
curl https://api.unipost.dev/v1/social-accounts \
  -H "Authorization: Bearer up_live_xxxx"
Key types
| Prefix | Environment | Use case |
|---|---|---|
| up_live_ | Production | Real publishing and production traffic |
| up_test_ | Test | Development, staging, and non-production integration work |
Best practices
- Store keys in environment variables, not in client-side source code or version control.
- Use different keys for staging and production to keep telemetry and quota usage separate.
- Rotate keys if a credential is exposed or if a teammate no longer needs access.
Common failures
| HTTP | Code | What it usually means |
|---|---|---|
| 401 | UNAUTHORIZED | The API key is missing, invalid, or revoked |
| 403 | FORBIDDEN | The key is valid but the workspace or plan does not allow the action |
| 429 | RATE_LIMITED | The key exceeded request limits for the current time window |
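
The following client-side pre-flight check is an added example, not UniPost code: it reads the key from an environment variable, refuses to build the Authorization header when the key prefix does not match the intended environment, redacts the key in error messages, and maps the status codes from the table above to a retry decision. The variable name UNIPOST_API_KEY, the function names, and the retry policy are assumptions made for this example.

```python
import os

# Prefixes come from the page's "Key types" table.
PREFIX_BY_ENV = {"production": "up_live_", "test": "up_test_"}

# Status codes and names come from the page's "Common failures" table; the
# retry flag and action text are this example's own policy (an assumption).
FAILURE_POLICY = {
    401: ("UNAUTHORIZED", False, "check that the key is present, valid and not revoked"),
    403: ("FORBIDDEN", False, "check workspace and plan permissions"),
    429: ("RATE_LIMITED", True, "back off and retry in a later time window"),
}


class KeyConfigError(ValueError):
    """Raised before any request is sent when the key cannot be used."""


def redact(key):
    """Keep only the environment prefix so logs never contain the secret."""
    for prefix in PREFIX_BY_ENV.values():
        if key.startswith(prefix):
            return prefix + "****"
    return "****"


def load_auth_header(expected_env, environ=None, var="UNIPOST_API_KEY"):
    """Read the key from the environment and build the Authorization header.

    `var` and `expected_env` are hypothetical names chosen for this example.
    """
    environ = os.environ if environ is None else environ
    key = environ.get(var, "").strip()
    if not key:
        raise KeyConfigError(f"{var} is not set")
    prefix = PREFIX_BY_ENV[expected_env]
    # Reject keys from the other environment and keys that are only a prefix.
    if not key.startswith(prefix) or len(key) == len(prefix):
        raise KeyConfigError(f"{redact(key)} is not a {expected_env} key (expected {prefix}...)")
    return {"Authorization": f"Bearer {key}"}


def classify_failure(status):
    """Map an HTTP status to (code, retryable, action); None if not listed."""
    return FAILURE_POLICY.get(status)
```

Call load_auth_header("production") at service start-up so that a staging key deployed to production fails immediately instead of on the first publish request.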