Authentication
PincerAPI supports two authentication methods: API keys (for agents) and JWT cookies (for the web dashboard).
API Keys (Bearer Token)
This is the primary auth method for programmatic access.
Generating a Key
- Sign in to the dashboard
- Navigate to Dashboard → API Keys
- Click Create New Key
- Copy the key immediately — it's only shown once
Keys have the format: pincer_sk_{48_hex_chars}
Using Your Key
Include it in the Authorization header:
curl -H "Authorization: Bearer pincer_sk_YOUR_KEY" \
https://pincerapi.com/api/v1/apis
Or use the X-API-Key header:
curl -H "X-API-Key: pincer_sk_YOUR_KEY" \
https://pincerapi.com/api/v1/apis
Key Management
- Disable/Enable: Toggle keys without deleting them
- Revoke: Permanently deactivate a key
- Multiple keys: Create separate keys per agent or environment
JWT Cookies (Web Dashboard)
The web dashboard uses HTTP-only JWT cookies for session management.
- Cookies are set on
POST /api/auth/login - Cleared on
POST /api/auth/logout - Automatically sent with browser requests
- Not intended for programmatic use
Auth Errors
| Status | Meaning |
|---|---|
| 401 | Missing or invalid API key |
| 402 | Valid key but insufficient balance |
| 403 | Key is disabled or revoked |