Authentication

All Partli REST endpoints accept a Bearer token in the Authorization header.

Every Partli workspace gets a Default API key auto-provisioned on creation. You can create additional keys (and revoke old ones) from the API keys page in the workspace sidebar.

Format

Authorization: Bearer pk_live_qV0ve44ttmypOR4HzPinh1YJLSNtij92

Keys start with pk_live_. Treat them like passwords — never commit them, never expose them client-side. Rotate immediately if compromised.

One-time reveal

For security, we only show the full key value once — at the moment of creation. Store it somewhere safe immediately. If you lose it, revoke and recreate.

Auth scope

API keys are scoped to a single workspace. To track events in multiple workspaces, use a key per workspace.

Error responses

401 Unauthorized — missing, malformed, or revoked key
400 Bad Request — invalid request body (validation errors returned in error)
404 Not Found — referenced resource doesn't exist or doesn't belong to your workspace

Tracking endpoints dedupe on externalId silently — re-posting the same id returns the original event id without an error.

PreviousSale tracking Next POST /api/track/lead