Authentication
Learn how to authenticate your API requests with API keys.
API key format
Wahlu API keys follow the format wahlu_live_.... Keep your keys secure — treat them like passwords.
Creating API keys
To create an API key, open your Wahlu dashboard and navigate to Settings → API Keys. Click Create API Key and configure:
- Name — A descriptive label (e.g. "Production Server" or "CI/CD Pipeline").
- Scopes — The permissions this key should have. See below for available scopes.
- Brand restrictions — Optionally restrict the key to specific brands.
Your API key is displayed once on creation. Copy it immediately — you won't be able to see it again.
Authorisation header
Include your API key in the Authorization header of every request:
curl https://api.wahlu.com/v1/brands \
-H "Authorization: Bearer wahlu_live_your_api_key_here"const response = await fetch("https://api.wahlu.com/v1/brands", {
headers: {
Authorization: "Bearer wahlu_live_your_api_key_here",
},
});Scopes
Scopes control what an API key can access. Assign only the scopes your application needs — following the principle of least privilege.
| Parameter | Type | Description |
|---|---|---|
brands:read | scope | List and view brand details. |
posts:read | scope | List and view posts. |
posts:write | scope | Create, update, and delete posts. |
schedule:read | scope | View scheduled posts and queues. |
schedule:write | scope | Create, update, and delete scheduled posts and queues. |
media:read | scope | List and view media files. |
media:write | scope | Upload and delete media files. |
ideas:read | scope | List and view ideas. |
ideas:write | scope | Create, update, and delete ideas. |
labels:read | scope | List and view labels. |
labels:write | scope | Create, update, and delete labels. |
snippets:read | scope | List and view snippets. |
snippets:write | scope | Create, update, and delete snippets. |
integrations:read | scope | View connected integrations. |
publications:read | scope | View publication history. |
community:read | scope | List and view community posts. Admin-only. |
community:write | scope | Create, update, and delete community posts. Admin-only. |
Brand restrictions
When creating an API key, you can restrict it to one or more brands. Restricted keys can only access resources belonging to the specified brands. Requests to other brands will return a 403 Forbidden error.
If no brand restrictions are set, the key has access to all brands in your workspace.