Security
Authentication
Customer endpoints require an API key. Public proof, docs, schemas, health, and benchmark surfaces are open.
Header
x-api-key: pd_live_YOUR_KEY # Authorization bearer is also accepted on most customer routes: Authorization: Bearer pd_live_YOUR_KEY
Storage
Keys are shown once. Store them in a secret manager, CI secret store, or agent environment variable.
Failures
Missing, malformed, revoked, or expired keys return 401 invalid_api_key.