Quickstart

A working call to /v1/me in three steps. No accounts to register today (Phase 4 ships self-serve signup); the API is live on a workers.dev URL and admins are minted directly via the bootstrap CLI.

1. Get an API key. Pedro mints them today via:

   pnpm bootstrap:admin --email=you@example.com

   The plain key (ptmc_…) is printed once. Save it — it cannot be retrieved.

2. Make your first call. /v1/me echoes the authenticated user and key.

   curl

   curl -H "Authorization: Bearer ptmc_REPLACE_WITH_YOUR_KEY" \
     https://patomic-api.pedrotengelmann.workers.dev/v1/me

   TypeScript

   const res = await fetch("https://patomic-api.pedrotengelmann.workers.dev/v1/me", {
     headers: { Authorization: `Bearer ${process.env.PATOMIC_KEY}` },
   });
   const me = await res.json();
   console.log(me);

   Python

   import os, requests
   
   r = requests.get(
       "https://patomic-api.pedrotengelmann.workers.dev/v1/me",
       headers={"Authorization": f"Bearer {os.environ['PATOMIC_KEY']}"},
       timeout=10,
   )
   r.raise_for_status()
   print(r.json())

3. Read the response headers. Patomic emits the rate-limit signal on every successful call so your client never has to guess:

   x-ratelimit-limit:     600
   x-ratelimit-remaining: 599
   x-ratelimit-reset:     1715292000
   x-request-id:          9f8d3a74fd34b116

   Store x-request-id in your application logs — it’s the same value Patomic uses internally, so support tickets can correlate instantly.

What just happened

The request hit Cloudflare’s edge, was authenticated against the deterministic PBKDF2 hash of your ptmc_ key, atomically incremented the per-key rate-limit counter in D1, and returned the user envelope. End-to-end p50 is ≈ 90 ms from London.

Next steps

• Authentication — how keys, prefixes and scopes work.
• Pagination — every list endpoint takes the same page_size + cursor contract.
• Errors — every failure response includes a docs_url linking back here.