Polyrankdocs

API keys

Mint, use, and revoke pk_live_… keys.

Mint a key

  1. Sign in at polyrank.app and open /api-keys.
  2. Create a key with a label. The cleartext secret is shown once — store it immediately. Polyrank keeps only an argon2id hash plus an 11-character prefix for lookup.

Programmatic management (session cookie required — API keys cannot mint other keys):

EndpointWhat it does
GET /v1/api-keysList your keys (prefix + label only)
POST /v1/api-keysCreate a key (rate-limited to 5/hour)
DELETE /v1/api-keys/{id}Revoke immediately

Format

pk_live_xxxxxxxxxxxxxxxxxxxxxx   ← production
pk_test_xxxxxxxxxxxxxxxxxxxxxx   ← test

22 base32 characters of secret (~110 bits of entropy).

Use it

curl -s "https://api.polyrank.app/v1/rankings/presets" \
  -H "Authorization: Bearer pk_live_xxxxxxxxxxxxxxxxxxxxxx"

Works on any /v1/* route. Quotas and per-minute limits come from your plan — see Rate limits.

Treat keys like passwords: never commit them, never ship them in client-side code, and revoke immediately on suspicion. Keys inherit access to everything your plan can read.

Authentication

Session cookies for the app, Bearer API keys for programmatic access, x402 for agents.

Rate limits & quotas

Per-plan request quotas, per-minute limits, and the headers that report them.

On this page

Mint a keyFormatUse it