Authentication
Secure your API requests with Bearer token authentication. All API endpoints require a valid API key.
API Key Authentication
Include your API key in the Authorization header of every request using Bearer token format. Your API key can be found in your dashboard after creating an account.
Keep your API key secure
Never expose your API key in client-side code, public repositories, or logs. Store it securely as an environment variable.
Getting Your API Key
- 1Sign up for a free account at dashboard
- 2Navigate to the API Keys section
- 3Create a new API key and copy it securely
- 4Use the key in your Authorization header
curl --request GET \
--url https://pdfmage.app/api/v1/fill-pdf \
--header 'Accept: application/json' \
--header 'Authorization: Bearer pk_live_abc123...'const headers = {
'Authorization': 'Bearer pk_live_abc123...',
'Content-Type': 'multipart/form-data'
};
fetch('https://pdfmage.app/api/v1/fill-pdf', {
method: 'POST',
headers: headers,
body: formData
});Authentication Errors
Unauthorized
Invalid, missing, or malformed API key
Forbidden
API key doesn't have required permissions
Rate Limited
Too many requests from this API key
{
"error": "Unauthorized",
"message": "Invalid API key provided",
"details": {
"code": "INVALID_API_KEY",
"hint": "Check your Authorization header format"
},
"timestamp": "2024-01-15T10:30:00Z",
"requestId": "req_abc123"
}Best Practices
• Store API keys in environment variables
• Never commit keys to version control
• Use different keys for different environments
• Rotate keys periodically
• Monitor key usage for anomalies
• Always include Bearer prefix in Authorization header
• Handle 401/403 errors gracefully
• Implement retry logic for 429 errors
• Log requests without exposing keys
• Validate responses before processing