Authentication

Authenticate every ProoN REST API request with a bearer token in the Authorization header.

1. Create an API key

Sign in to your ProoN dashboard, go to Settings → API keys, and click Create key. Give the key a name you'll recognize later (e.g. Zapier production). The name is required so you can identify the key when revoking it.

The plaintext key is shown only once, at creation. We store only a one-way SHA-256 hash of it. Copy the key into your password manager or environment variables before closing the dialog.

2. Send the token

Include the key in every request as a bearer token:

curl https://www.proon.ai/api/v1/me \
  -H "Authorization: Bearer prn_live_4f8a..."

The token format is prn_live_ followed by 55 random alphanumeric characters (64 chars total). Test that your key works by calling the /me endpoint. On success you'll receive your organization's metadata.

3. Errors

Auth failures return HTTP 401 with a uniform body:

{
  "error": "unauthorized",
  "message": "Provide a valid API key via `Authorization: Bearer <key>` header. Manage keys at https://www.proon.ai/app/settings/api-keys."
}

Possible causes: missing Authorization header, wrong scheme (we expect Bearer, not Basic), malformed key, revoked key. We return the same message for all cases, with no oracle to distinguish “invalid” from “revoked.”

4. Rotation & revocation

  • To rotate: create a new key, update your integration, then revoke the old one. There's no downtime. Both keys work until the old one is revoked.
  • To revoke: click the trash icon next to the key in the dashboard. Integrations using that key start receiving 401s immediately.
  • Revoked keys stay in your activity log (Settings → Account activity) so you can audit who created/revoked what and when.

5. Security checklist

  • Treat keys like passwords. Never commit them to source control.
  • Store them in env vars or a secret manager (1Password, AWS Secrets Manager, Doppler, etc.).
  • Use a separate key per environment + integration so revocation is targeted.
  • Add 2FA to your account at Settings → Security so only you can manage keys.
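
A check for the first checklist item, as an added example (not ProoN's own code): a scanner, usable from a pre-commit hook, that flags strings matching the token format from step 2 and reports them redacted. It assumes "alphanumeric" means ASCII letters and digits; the environment variable name and the sample key are constructed for illustration.

```python
import re
import sys

# Token format from step 2: "prn_live_" + 55 alphanumeric characters.
# Assumption: "alphanumeric" means ASCII letters and digits.
KEY_RE = re.compile(r"prn_live_[A-Za-z0-9]{55}")


def redact(key):
    """Keep the prefix plus 4 characters so reports never contain the key."""
    return key[:13] + "..."


def find_keys(text):
    """Return (line_number, redacted_key) for each key-shaped string."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            hits.append((lineno, redact(match.group())))
    return hits


def scan_files(paths):
    """Scan files; return (path, line_number, redacted_key) tuples."""
    findings = []
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as handle:
                text = handle.read()
        except OSError:
            continue  # unreadable or deleted path: nothing to scan
        findings.extend((path, n, k) for n, k in find_keys(text))
    return findings


# Constructed sample input; the full-length key is made up for this example.
SAMPLE = (
    'api_key = os.environ["PROON_API_KEY"]\n'  # safe: env var (hypothetical name)
    'api_key = "prn_live_A1b2' + "0" * 51 + '"\n'  # hard-coded key
    'curl -H "Authorization: Bearer prn_live_4f8a..."\n'  # truncated placeholder
)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # file paths, e.g. staged files passed by a hook
        found = scan_files(sys.argv[1:])
        for path, lineno, key in found:
            print(f"{path}:{lineno}: possible ProoN API key {key}")
        sys.exit(1 if found else 0)  # non-zero exit blocks the commit
    print(find_keys(SAMPLE))
```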