Documentation

Authentication

Get Pronto uses API keys to authenticate requests. You can view and manage your API keys from your Get Pronto Dashboard.

Key Types

Get Pronto provides two types of API keys, each designed for different use cases:

	Secret Key `pronto_sk_`	Public Key `pronto_pk_`
Upload files	Yes	Yes
List files	Yes	No
Get file metadata	Yes	No
Delete files	Yes	No
Generate transform URLs	Yes	No
Safe for browser code	No	Yes

Getting Your API Key

To access the Get Pronto API, you'll need an API key. Here's how to get one:

Log in to your Get Pronto Dashboard
Navigate to the API Keys section
Click Create New API Key
Choose Secret Key for server-side use or Public Key for browser/client-side use
Give your key a name (e.g., "Development", "Production")
Copy your new API key - note that it will only be shown once

Authenticating with the SDK

When using the Get Pronto SDK, provide your API key during client initialization. The SDK automatically detects the key type from the prefix:

Server-side (Secret Key)

javascript

import GetProntoClient from "getpronto-sdk";

// Full access — use in Node.js, API routes, server components
const client = new GetProntoClient({
  apiKey: "pronto_sk_..."
});

const files = await client.files.list();
await client.files.upload("./image.jpg");
await client.files.delete(fileId);

Client-side (Public Key)

javascript

import GetProntoClient from "getpronto-sdk";

// Upload only — safe for browser code
const client = new GetProntoClient({
  apiKey: "pronto_pk_..."
});

// Upload works
await client.files.upload(file);

// These will throw an error — not allowed with public keys
// client.files.list()
// client.files.delete(fileId)

Authenticating REST API Requests

For direct REST API requests, include your API key in the request headers:

bash

curl https://api.getpronto.io/v1/files \
  -H "Authorization: ApiKey YOUR_API_KEY" \
  -H "Content-Type: application/json"

All API requests must be made over HTTPS. Calls made over plain HTTP will fail.

Request Headers

Header	Description	Required
Authorization	Your API key in the format: `ApiKey YOUR_API_KEY`	Yes
Content-Type	The content type of the request body (for POST/PUT requests)	Conditional
Accept	The format of the response you want to receive (defaults to application/json)	No

API Key Security

Best practices for keeping your keys safe:

Use public keys for browser code — they can only upload files, so exposure is low-risk
Keep secret keys server-side only — store them in environment variables, never in client-side code or repositories
Use different keys for different environments (development, production)
Regenerate keys periodically

Next Steps

Continue exploring our documentation with these related topics:

File Operations API

Upload, list, and manage files with our REST API

SDK File Operations

Learn how to use our SDK for file management