Authentication
Pulbot's REST API uses JWT authentication (user session) or API Key (programmatic access). For external integrations and the MCP, use API Key.
Steps
- 1Generate an API Key: in the app → Profile → API Keys → «Generate new key».
- 2Add the X-API-Key header to each request: X-API-Key: {your_api_key}.
- 3Alternatively, for user sessions: the Authorization: Bearer {jwt_token} header works with the active session token.
Reference
- X-API-Key
- Header for programmatic access. Doesn't expire (until you revoke it).
- Authorization: Bearer
- Session JWT. Expires. Use API Key for integrations.
- Base URL
- https://dev.pulbot.com/api/v1 (dev) / https://pulbot.com/api/v1 (prod)
- Rate limiting
- Free plan: 10 req/s per IP (Cloudflare). No limit by IP, only by rate.
Common errors
- 401 Unauthorized
- Authentication header missing or invalid.
- 403 Forbidden
- Key is valid but the resource doesn't belong to the authenticated user, or the WAF blocked the request.
Next step
Read the endpoint reference.