The deployment webhook API uses Bearer token authentication with API keys.
Generating an API key
- Sign in to the Periscope dashboard at app.periscope.sh
- Navigate to Settings > Deployments
- Click Generate API Key
- Copy the key immediately
The API key is shown only once. If you lose it, you will need to generate a new one. The old key remains active — you can revoke it from the settings page.
Using the API key
Include the API key in the Authorization header of every request:
curl -X POST https://app.periscope.sh/api/webhooks/deployments \
-H "Authorization: Bearer psk_live_xxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{ ... }'
Key properties
| Property | Details |
|---|
| Scope | Each key is scoped to a single organization |
| Rate limiting | Contact support for rate limit details |
| Revocation | Keys can be revoked from Settings > Deployments |
| Format | Keys are prefixed for identification (e.g., psk_live_...) |
Organization resolution
The API key determines which organization the deployment is recorded for. You do not need to include an organization identifier in the payload.
If you optionally include organizationSlug in the payload, Periscope validates that it matches the key’s organization. This is a safety check to prevent accidental cross-organization ingestion.
Error responses
| Status | Meaning |
|---|
401 Unauthorized | Missing or invalid API key |
403 Forbidden | Key is valid but the organization slug does not match |
429 Too Many Requests | Rate limit exceeded |
