Skip to main content
These endpoints power the Settings → API & MCP tab in the MagicPost web app. They use the existing cookie session, so they’re not callable from a script — you can only manage your keys from the web UI. The endpoints are documented here for completeness.

GET /api/v1/api-keys

List all your keys (active + revoked). Never returns clear tokens. Response

POST /api/v1/api-keys

Create a new key. The clear token is returned exactly once. Body
  • name (optional, max 64 chars) — friendly identifier shown in the UI
Response (HTTP 201)
Constraints:
  • Maximum 10 active keys per user (revoked keys don’t count)
  • Returns 400 if you hit the cap

DELETE /api/v1/api-keys/<key_id>

Revoke a key. Idempotent; revoking an already-revoked key returns 404. Response (HTTP 200)
Returns 404 if the key doesn’t exist OR isn’t owned by you (both surface as 404 to avoid leaking ownership info).

GET /api/v1/auth/verify

Validate a Bearer token. PAT auth, not cookie auth — this is the only key-management endpoint callable from a script. Response
Returns 401 if the token is invalid or revoked.