Authentication

How to get your API key and authenticate requests

All API requests require authentication using an API key. This page explains how to get your key and use it.

Getting Your API Key

  1. Log in to your Late account at getlate.dev
  2. Go to Settings → API Keys
  3. Click Create API Key
  4. Give it a name (e.g., "My App" or "CI/CD Pipeline")
  5. Copy the key immediately — you won't be able to see it again

API Key Format

ComponentDescription
Prefixsk_ (3 characters)
Body32 random bytes as hex (64 characters)
Total Length67 characters

Example:

sk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v

Key Preview (shown in dashboard):

sk_a1b2c...d0e1f2

Important:

  • Keys are only shown once at creation time
  • Keys are stored as a SHA-256 hash for security (never stored in plain text)
  • Limited to 10 active keys per user

Making Authenticated Requests

Include your API key in the Authorization header as a Bearer token:

curl https://getlate.dev/api/v1/posts \
  -H "Authorization: Bearer YOUR_API_KEY"

Example: List Your Posts

curl https://getlate.dev/api/v1/posts \
  -H "Authorization: Bearer sk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v"

Example: Create a Post

curl -X POST https://getlate.dev/api/v1/posts \
  -H "Authorization: Bearer sk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "Hello from the API!",
    "platforms": [
      {"platform": "twitter", "accountId": "acc_123"}
    ]
  }'

Using Environment Variables

Never hardcode your API key in your code. Use environment variables instead:

# Set the environment variable
export LATE_API_KEY="sk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v"

# Use it in your requests
curl https://getlate.dev/api/v1/posts \
  -H "Authorization: Bearer $LATE_API_KEY"

In Node.js

const apiKey = process.env.LATE_API_KEY;

const response = await fetch('https://getlate.dev/api/v1/posts', {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});

In Python

import os
import requests

api_key = os.environ.get('LATE_API_KEY')

response = requests.get(
    'https://getlate.dev/api/v1/posts',
    headers={'Authorization': f'Bearer {api_key}'}
)

Error Responses

If authentication fails, you'll receive a 401 Unauthorized response:

{
  "error": "Invalid or missing API key"
}

Common causes:

  • Missing Authorization header
  • Typo in the API key
  • API key was deleted or expired
  • Using API_KEY instead of Bearer API_KEY

Security Best Practices

  • Never share your API key publicly or commit it to git
  • Use environment variables to store keys
  • Create separate keys for different applications
  • Delete unused keys from your dashboard
  • Rotate keys periodically for enhanced security

Managing API Keys Programmatically

You can also manage API keys via the API:

EndpointDescription
GET /v1/api-keysList your API keys
POST /v1/api-keysCreate a new API key
DELETE /v1/api-keys/{keyId}Delete an API key

See the API Keys reference for details.

Next Step

Now that you can authenticate, let's create your first post.

Overview

Welcome to the Late API - schedule and publish to all your social media accounts from one place

Quickstart

A complete walkthrough to schedule your first social media post with Late

On this page

Getting Your API Key
API Key Format
Making Authenticated Requests
Example: List Your Posts
Example: Create a Post
Using Environment Variables
In Node.js
In Python
Error Responses
Security Best Practices
Managing API Keys Programmatically
Next Step