Skip to main content

Bearer tokens

Every request needs an Authorization header with your API key: 
Authorization: Bearer ps_live_...
Requests without a valid key return 401 Unauthorized.

Creating an API key

1

Sign in to the dashboard

Visit pullstory.com/dashboard and sign in with GitHub.
2

Open API Keys

Navigate to pullstory.com/dashboard/api-keys.
3

Click 'Create key'

Give it a descriptive name (e.g. “CI pipeline” or “Claude Code MCP”). The full secret is shown only once — copy it immediately.
4

Store it securely

Put it in a secret manager, .env.local, or your CI provider’s secrets UI. Never commit it to a repo.

Key prefixes

PrefixEnvironment
ps_live_Production
ps_test_Sandbox (coming soon)

Permissions

Every key is scoped to your user account and respects the same plan limits as the web dashboard. A key can:
  • Create and read pull stories for any repo you have GitHub access to
  • Read your usage and profile
  • Manage your other API keys
A key cannot access other users’ data or repos you don’t have read access to.

Revoking a key

Revoking happens instantly — any in-flight request using that key will fail on the next call. 
# pullstory.com/dashboard/api-keys → click Revoke
If a key is leaked, revoke it immediately and issue a new one. Generation requests made with the leaked key between leak and revocation still count against your minute quota.

Rotating keys

There’s no forced rotation, but best practice:
  • One key per integration (Claude Code MCP, CI, internal scripts)
  • Rotate every 90 days for production keys
  • Rotate immediately on team member departure

Next steps

Quickstart

Make your first authenticated request.

MCP setup

Wire the API into Claude Code.