Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.pome.sh/llms.txt

Use this file to discover all available pages before exploring further.

The Pome API uses API keys for authentication. Every request to api.pome.sh must include your key in the X-API-KEY header. Keys are scoped to a team and carry the permissions of the role that created them.

Getting an API key

1

Sign in at pome.sh

Go to pome.sh and sign in to your account.
2

Open your team settings

Click your team name in the top navigation, then select Settings.
3

Create an API key

Click Create API key and give it a descriptive name, such as ci-prod or local-dev.
4

Copy the key

Copy the key immediately — it is shown only once. Your key starts with pme_ and looks like pme_aB3kPqXyZ.... Store it in a secrets manager or environment variable.

Using your API key

Pass your key in the X-API-KEY header on every request: 
curl https://api.pome.sh/v1/me \
  -H "X-API-KEY: pme_yourkey"

API key in CI

Set the POME_API_KEY environment variable in your CI environment. The pome CLI reads it automatically — no --token flag required: 
export POME_API_KEY=pme_yourkey
pome run scenarios/01-bug-happy-path.md
In GitHub Actions, add the key as a repository secret and reference it in your workflow: 
- name: Run Pome scenarios
  env:
    POME_API_KEY: ${{ secrets.POME_API_KEY }}
  run: pome run scenarios/

Verify your key

Call GET /v1/me to confirm your key is valid and see which team it belongs to: 
curl https://api.pome.sh/v1/me \
  -H "X-API-KEY: pme_yourkey"
A successful response returns your user, team, and key metadata: 
HTTP/1.1 200 OK

{
  "user": { "id": "usr_...", "email": "alice@example.com" },
  "team": { "id": "tm_...", "slug": "acme", "plan_tier": "pro" },
  "api_key": { "id": "pme_aB3", "name": "ci-prod" }
}

Error codes

HTTP statusMeaning
401Missing or invalid API key
403Key revoked or team banned
All error responses include a request_id field. Include it when filing a support ticket.

Managing keys

You can revoke keys from the Settings page in the dashboard. To revoke programmatically, call apiKeys.revoke via the dashboard API or use the dashboard UI — there is no dedicated REST endpoint for key revocation in the public API.
Never commit API keys to source control. Use environment variables or a secrets manager such as GitHub Actions Secrets, HashiCorp Vault, or AWS Secrets Manager. If a key is accidentally exposed, revoke it immediately from team settings and create a new one.