Authentication
All API requests require authentication using an API key.
API Key Authentication
Include your API key in the Authorization header using the Bearer scheme:
Authorization: Bearer YOUR_API_KEY
Example Request
curl -X POST "https://api.pdfgenstudio.com/api/v1/renderer/html" \
-H "Authorization: Bearer pk_live_abc123xyz" \
-H "Content-Type: application/json" \
-d '{"html": "<h1>Hello World</h1>"}'
API Key Types
| Type | Prefix | Description |
|---|---|---|
| Live | pk_live_ | Production API key with full access |
| Test | pk_test_ | Sandbox key for development/testing |
Managing API Keys
Creating a New Key
- Log in to your Dashboard
- Go to Settings → API Keys
- Click Create New API Key
- Give your key a descriptive name
- Copy the key immediately (it won't be shown again)
Revoking a Key
- Navigate to Settings → API Keys
- Find the key you want to revoke
- Click the Revoke button
- Confirm the action
danger
Revoking a key is immediate and permanent. Any applications using that key will stop working.
Security Best Practices
Do's ✅
- Store API keys in environment variables
- Use different keys for development and production
- Rotate keys periodically
- Set up IP whitelisting if available
Don'ts ❌
- Never commit API keys to version control
- Don't expose keys in client-side JavaScript
- Don't share keys between applications
- Don't include keys in URLs
Environment Variables
Store your API key securely using environment variables:
Node.js
// .env file
PDFGEN_API_KEY=pk_live_abc123xyz
// In your code
const apiKey = process.env.PDFGEN_API_KEY;
Python
import os
api_key = os.environ.get('PDFGEN_API_KEY')
Bash
export PDFGEN_API_KEY="pk_live_abc123xyz"
Error Responses
Invalid API Key
{
"error": "Unauthorized",
"message": "Invalid or missing API key",
"statusCode": 401
}
Expired or Revoked Key
{
"error": "Unauthorized",
"message": "API key has been revoked",
"statusCode": 401
}