Authentication
Bearer keys for the Plurall AI API — issue, rotate, and revoke.
Every Plurall AI API request is authenticated with a bearer key. Keys are scoped to a single environment (production, staging, or sandbox) and a configurable subset of permissions. Manage keys in the Integrations console.
curl -X GET https://api.plurall.tech/api/v1/scans \
-H "Authorization: Bearer pl_sbx_key_..."List scans
This method/path/schema block is rendered from the shared OpenAPI registry, not hand-authored page copy.
Issuing a key
Open Integrations → API keys → New key. Choose a label, an environment, and the scopes that match the workload. Plurall AI returns the full key value once; copy it into your secret manager. After this point only a masked prefix is visible.
Making a request
Send the key in the Authorization header. The example below submits a single piece of media for scanning. The response includes the scan id; poll GET /api/v1/scans/{id} until status is "complete" — or subscribe to the scan.completed webhook.
Rotating without downtime
Issue a new key, swap it in your runtime, and only revoke the old key after the Integrations table reports that it has not been used in the last hour. Plurall AI surfaces last-used timestamps in real time so you can confirm the cutover before revocation.