Authentication

All API requests require authentication using an API key.

API Key Authentication

You can authenticate your requests using one of two methods:

Option 1: Header Authentication (Recommended)

Include your API key in the x-api-key header:

x-api-key: YOUR_API_KEY

Option 2: URL Parameter

Append your API key as a query parameter:

?api_key=YOUR_API_KEY

tip

We recommend using the header method for better security, as URL parameters may be logged in server access logs.

Example Requests

Using Header:

curl -X POST "https://api.pdfgenstudio.com/api/v1/renderer/html" \
  -H "x-api-key: sk_live_abc123xyz" \
  -H "Content-Type: application/json" \
  -d '{"html": "<h1>Hello World</h1>"}'

Using URL Parameter:

curl -X POST "https://api.pdfgenstudio.com/api/v1/renderer/html?api_key=sk_live_abc123xyz" \
  -H "Content-Type: application/json" \
  -d '{"html": "<h1>Hello World</h1>"}'

API Key Types

Type	Prefix	Description
Live	`sk_live_`	Production API key with full access
Test	`sk_test_`	Sandbox key for development/testing

Managing API Keys

Creating a New Key

Log in to your Dashboard
Go to Settings → API Keys
Click Create New API Key
Give your key a descriptive name
Copy the key immediately (it won't be shown again)

Revoking a Key

Navigate to Settings → API Keys
Find the key you want to revoke
Click the Revoke button
Confirm the action

danger

Revoking a key is immediate and permanent. Any applications using that key will stop working.

Security Best Practices

Do's ✅

Store API keys in environment variables
Use different keys for development and production
Rotate keys periodically
Set up IP whitelisting if available

Don'ts ❌

Never commit API keys to version control
Don't expose keys in client-side JavaScript
Don't share keys between applications
Don't include keys in URLs

Environment Variables

Store your API key securely using environment variables:

Node.js

// .env file
PDFGEN_API_KEY=sk_live_abc123xyz

// In your code
const apiKey = process.env.PDFGEN_API_KEY;

// Using with fetch
fetch('https://api.pdfgenstudio.com/api/v1/renderer/html', {
  method: 'POST',
  headers: {
    'x-api-key': apiKey,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ html: '<h1>Hello World</h1>' })
});

Python

import os
import requests

api_key = os.environ.get('PDFGEN_API_KEY')

response = requests.post(
    'https://api.pdfgenstudio.com/api/v1/renderer/html',
    headers={'x-api-key': api_key},
    json={'html': '<h1>Hello World</h1>'}
)

Bash

export PDFGEN_API_KEY="sk_live_abc123xyz"

Error Responses

Invalid API Key

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key",
  "statusCode": 401
}

Expired or Revoked Key

{
  "error": "Unauthorized",
  "message": "API key has been revoked",
  "statusCode": 401
}

API Key Authentication​

Option 1: Header Authentication (Recommended)​

Option 2: URL Parameter​

Example Requests​

API Key Types​

Managing API Keys​

Creating a New Key​

Revoking a Key​

Security Best Practices​

Do's ✅​

Don'ts ❌​

Environment Variables​

Node.js​

Python​

Bash​

Error Responses​

Invalid API Key​

Expired or Revoked Key​