Authentication
Learn how to authenticate your API requests with API keys.
API key format
Wahlu API keys follow the format wahlu_live_.... Keep your keys secure — treat them like passwords.
Creating API keys
To create an API key, open your Wahlu dashboard and navigate to Settings → API Keys. Click Create API Key and configure:
- Name — A descriptive label (e.g. "Production Server" or "CI/CD Pipeline").
- Scopes — The permissions this key should have. See below for available scopes.
- Brand restrictions — Optionally restrict the key to specific brands.
Your API key is displayed once on creation. Copy it immediately — you won't be able to see it again.
Authorisation header
Include your API key in the Authorization header of every request:
curl https://api.wahlu.com/v1/brands \
-H "Authorization: Bearer wahlu_live_your_api_key_here"const response = await fetch("https://api.wahlu.com/v1/brands", {
headers: {
Authorization: "Bearer wahlu_live_your_api_key_here",
},
});Scopes
Scopes control what an API key can access. Assign only the scopes your application needs — following the principle of least privilege.
| Parameter | Type | Description |
|---|---|---|
brands:read | scope | List and view brand details. |
posts:read | scope | List and view posts. |
posts:write | scope | Create, update, and delete posts. |
notifications:read | scope | View effective brand notification settings and override state for the API key owner. |
notifications:write | scope | Create, update, and revert brand notification overrides for the API key owner. |
schedule:read | scope | View scheduled posts and queues. |
schedule:write | scope | Create, update, and delete scheduled posts and queues. |
media:read | scope | List and view media files. |
media:write | scope | Upload and delete media files. |
ideas:read | scope | List and view ideas. |
ideas:write | scope | Create, update, and delete ideas. |
labels:read | scope | List and view labels. |
labels:write | scope | Create, update, and delete labels. |
snippets:read | scope | List and view snippets. |
snippets:write | scope | Create, update, and delete snippets. |
integrations:read | scope | View connected integrations. |
publications:read | scope | View publication history. |
community:read | scope | List and view community posts. Admin-only. |
community:write | scope | Create, update, and delete community posts. Admin-only. |
admin:read | scope | Read admin-only orchestration state such as website scans, generation status, and sample packs. Admin-only. |
admin:marketing | scope | Create brands and run the admin marketing orchestration workflow. Admin-only. |
Brand restrictions
When creating an API key, you can restrict it to one or more brands. Restricted keys can only access resources belonging to the specified brands. Requests to other brands will return a 403 Forbidden error.
If no brand restrictions are set, the key has access to all brands in your workspace.