Authentication
All Pageflare API endpoints require a valid Bearer token. Tokens are tied to your account and license tier and must be included in every request except GET /health.
Bearer token format
Pass your token in the Authorization header:

    Authorization: Bearer <your-token>

Every request must include this header. Requests without it — or with an invalid or expired token — receive a 401 Unauthorized response.
Obtaining a token
Via the dashboard:
- Log in at app.pageflare.dev.
- Go to Settings → API Tokens.
- Click Generate token and copy the value — it is shown only once.
Via the CLI:

    pageflare login

After authenticating in the browser, the CLI stores a token in ~/.config/pageflare/credentials.json and uses it automatically for all pageflare commands. You can print the stored token with:

    pageflare token

Request format
Most endpoints accept JSON bodies:

    Content-Type: application/json

The Sites upload endpoint also accepts multipart/form-data (for zip + config together) or application/octet-stream (raw zip body). See the Sites API for details.
Rate limiting
Rate limits are enforced per token. When you exceed the limit the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait. Specific limit values depend on your license tier.
Error responses
| Status | Meaning |
|---|---|
| 401 Unauthorized | Missing, malformed, or expired token |
| 403 Forbidden | Valid token but insufficient permissions for the requested resource |
| 429 Too Many Requests | Rate limit exceeded |
A 401 response body always has this shape:

    { "error": "Unauthorized" }
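
A client-side sketch of the rules on this page: the token is sent on everything except GET /health, 429 is retried after the Retry-After delay, and 401 and 403 are never retried. This is an added example, not Pageflare's own code. `BASE_URL` is a placeholder because the page does not name the API host, and `MAX_WAIT` and `MAX_RETRIES` are assumed values.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.pageflare.invalid"  # placeholder; the page does not name the API host
MAX_WAIT = 60     # assumed cap so an oversized Retry-After cannot stall the client
MAX_RETRIES = 3   # assumed retry budget for 429 responses

def build_headers(method, path, token):
    # GET /health is the only endpoint that needs no token, so none is sent there.
    headers = {"Content-Type": "application/json"}
    if (method, path) != ("GET", "/health"):
        if not token or any(ch.isspace() for ch in token):
            raise ValueError("missing or malformed token")  # also blocks CR/LF header injection
        headers["Authorization"] = "Bearer " + token
    return headers

def retry_delay(headers):
    # Retry-After is documented as a number of seconds; clamp it, fall back to 1 if unparsable.
    try:
        return min(max(int(headers.get("Retry-After", "1")), 0), MAX_WAIT)
    except ValueError:
        return 1

def http_send(method, path, headers, body):
    # Real transport: returns (status, response headers, body text) for success and HTTP errors.
    req = urllib.request.Request(BASE_URL + path, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.headers, err.read().decode()

def call(method, path, token, payload=None, send=http_send, sleep=time.sleep):
    body = json.dumps(payload).encode() if payload is not None else None
    headers = build_headers(method, path, token)
    for _ in range(MAX_RETRIES + 1):
        status, resp_headers, text = send(method, path, headers, body)
        if status == 429:
            sleep(retry_delay(resp_headers))  # limit is per token: wait, then retry
            continue
        if status == 401:
            raise PermissionError("401: token missing, malformed or expired; generate a new one")
        if status == 403:
            raise PermissionError("403: token valid but not permitted; retrying will not help")
        return status, text
    raise RuntimeError("still rate limited after %d retries" % MAX_RETRIES)
```

The `send` and `sleep` parameters exist so the retry logic can be exercised with a fake transport instead of the network.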