Skip to content
Docstron Logo Docstron Logo Docs
Homepage Pricing Feedbacks

Authentication

All Docstron API requests require authentication using an API key. This ensures secure access to your applications, templates, and generated documents.

API Keys

Section titled “API Keys”

Docstron uses API keys for authentication. Each API key is associated with your account and provides access to all your applications and resources.

Getting Your API Key

Section titled “Getting Your API Key”
  1. Log in to your Docstron Dashboard
  2. Navigate to API Keys
  3. Click “Generate New Key”
  4. Copy your API key and store it securely

⚠️ Important: Your API key is shown only once. Store it securely and never share it publicly.

Authentication Method

Section titled “Authentication Method”

Docstron uses Bearer Token Authentication. Include your API key in the Authorization header of every API request:

Authorization: Bearer YOUR_API_KEY

Complete Example

Section titled “Complete Example”

Here’s a complete example of generating a PDF with authentication:

Terminal window
curl -X POST https://api.docstron.com/v1/documents/generate \
  -H "Authorization: Bearer dstr_abc123xyz456" \
  -H "Content-Type: application/json" \
  -d '{
    "template_id": "template-8c043edf-fa70-4e51-a8a2-12347958ca16",
    "data": {
      "customer_name": "John Doe",
      "amount": "$299.00"
    },
    "response_type": "pdf"
  }'

Authentication Errors

Section titled “Authentication Errors”

If authentication fails, you’ll receive an error response:

Invalid API Key

Section titled “Invalid API Key”
{
  "detail": "Invalid API key"
}

HTTP Status: 401 Unauthorized

Missing API Key

Section titled “Missing API Key”
{
  "detail": "Not authenticated"
}

HTTP Status: 403 Forbidden

Best Practices

Section titled “Best Practices”

✅ Do’s

Section titled “✅ Do’s”
  • Store API keys securely - Use environment variables or secure vaults
  • Use HTTPS - All API requests must use HTTPS
  • Rotate keys regularly - Generate new keys periodically for security
  • Use different keys - Use separate keys for development and production
  • Monitor usage - Check your API key usage in the dashboard

❌ Don’ts

Section titled “❌ Don’ts”
  • Never commit keys to version control - Add API keys to .gitignore
  • Don’t expose keys in client-side code - Keep keys on the server
  • Don’t share keys - Each team member should have their own key
  • Don’t hardcode keys - Always use environment variables

Managing API Keys

Section titled “Managing API Keys”

Generate additional API keys in your dashboard for different environments or team members.

Revoke API Key

Section titled “Revoke API Key”

If an API key is compromised:

  1. Go to API Keys
  2. Find the compromised key
  3. Click on red trash icon and confirm the revoke
  4. Generate a new key immediately

Key Naming

Section titled “Key Naming”

Give your API keys descriptive names to identify their purpose:

  • production-server
  • development-local
  • staging-environment
  • ci-cd-pipeline

Need Help?

Section titled “Need Help?”

If you have questions about applications or need assistance:

  • 📧 Email: support@docstron.com
  • 💬 Live Chat: Available in your dashboard
  • 📚 Documentation: You’re reading it!