API & MCP for Agents

Integrate agents and external tools with Postger via the REST API or the built-in MCP server.

Quick start

  1. Go to Settings → API Keys (owner or manager role required) and click Create key.
  2. Pick a name, the social accounts the key may touch, the permissions, and an optional expiry.
  3. Copy the pg_live_... token — it is shown only once.

Create your first draft:

curl -X POST https://app.postger.com/api/v1/posts \
  -H "Authorization: Bearer pg_live_..." \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: my-first-post-1" \
  -d '{
    "content": "Hello from the Postger API!",
    "channel_id": "<channel id from GET /api/v1/accounts>",
    "scheduled_at": "2026-07-10T09:00:00Z",
    "status": "draft"
  }'

Not sure what your channel IDs are? Call GET /api/v1/accounts first, or GET /api/v1/me to see everything the key can do.

Connect an AI assistant (MCP)

Postger ships an MCP server, so assistants like Claude can list your accounts, draft and schedule posts, search your media library, and read analytics — with the permissions you chose, nothing more.

Claude Desktop / claude.ai

  1. Open Settings → Connectors → Add custom connector.
  2. Paste https://app.postger.com/api/v1/mcp as the URL — no API key needed.
  3. Claude discovers the OAuth flow automatically and sends you to Postger's consent screen: sign in, pick a workspace, approve the scopes. Access refreshes automatically; revoke it anytime from the consent app or by revoking the token.

Claude Code

claude mcp add --transport http postger \
  https://app.postger.com/api/v1/mcp \
  --header "Authorization: Bearer pg_live_..."

Cursor / other MCP clients

Add this to your client's MCP config (e.g. .cursor/mcp.json):

{
  "mcpServers": {
    "postger": {
      "url": "https://app.postger.com/api/v1/mcp",
      "headers": {
        "Authorization": "Bearer pg_live_..."
      }
    }
  }
}

Tip: create a dedicated key per assistant with only the permissions it needs — e.g. drafting without posts.publish — and watch what it does in Settings → API Keys → Recent activity.

Authentication

Create an API key in Settings → API Keysand send it as a bearer token. Keys are scoped to one workspace, an account allowlist, and a set of permissions. Effective permissions are the intersection of the key's grants and the issuer's current workspace role — demoting the issuer shrinks their keys.

curl https://app.postger.com/api/v1/me \
  -H "Authorization: Bearer pg_live_..."

REST endpoints

EndpointPermissionDescription
GET /api/v1/meKey context: workspace, permissions, allowed channels
GET /api/v1/accountschannels.readList connected social accounts
GET /api/v1/postsposts.readList posts (filter by status)
POST /api/v1/postsposts.writeCreate a post (supports Idempotency-Key)
GET /api/v1/posts/{id}posts.readGet a single post
PATCH /api/v1/posts/{id}posts.writeUpdate content, schedule, or images
DELETE /api/v1/posts/{id}posts.deleteDelete a post
POST /api/v1/posts/{id}/scheduleposts.publishQueue a post for publishing
POST /api/v1/posts/{id}/cancelposts.writeCancel a scheduled post (back to draft)
GET /api/v1/mediamedia.readSearch the media library (q, media_type, cursor, limit)
GET /api/v1/media/{id}media.readGet a single media asset
POST /api/v1/mediamedia.writeUpload a file, multipart/form-data (supports Idempotency-Key)
GET /api/v1/analytics/accounts/{id}analytics.readAccount analytics over a date range
GET /api/v1/analytics/posts/{id}analytics.readPost metrics

Responses are wrapped in { "data": ... }; errors in { "error": { "code", "message" } }.

Rate limits

Throttled responses return 429 with Retry-After, X-RateLimit-Limit and X-RateLimit-Remaining headers.

Idempotency

POST /api/v1/posts and POST /api/v1/media accept an Idempotency-Key header. Retries with the same key within 24 hours replay the original response (marked with X-Idempotent-Replayed: true). Reusing a key with a different body returns 422; a concurrent duplicate returns 409.

MCP server

The MCP endpoint lives at POST /api/v1/mcp (JSON-RPC 2.0). Connect with an API key, or via OAuth — Claude Desktop discovers the flow automatically through /.well-known/oauth-protected-resource, registers itself, and asks you to approve access to a workspace.

ToolPermissionDescription
list_accountschannels.readList connected social accounts
create_postposts.writeCreate a draft or queued post
list_postsposts.readList posts, optionally by status
get_postposts.readGet a post by ID
update_postposts.writeUpdate content, schedule, or images
schedule_postposts.publishQueue a post for publishing
cancel_postposts.writeCancel a scheduled post
upload_mediamedia.writeUpload base64-encoded media
search_mediamedia.readSearch the media library
get_mediamedia.readGet a media asset by ID
get_account_analyticsanalytics.readAccount analytics
get_post_analyticsanalytics.readPost metrics

Errors

Errors use a consistent envelope: { "error": { "code", "message" } }.

StatusCodeMeaning
401UNAUTHORIZEDMissing, malformed, revoked, or expired token
403FORBIDDENThe key lacks the required permission or channel access
404NOT_FOUNDResource missing or outside the key's scope
409IDEMPOTENCY_CONFLICTThe same Idempotency-Key is still being processed
422IDEMPOTENCY_KEY_REUSEDIdempotency-Key reused with a different body
429RATE_LIMIT_EXCEEDEDRate limit hit — respect the Retry-After header