PDF-Sign Docs

Authentication

Secure your API requests with API keys.

Security Best Practices

Keep your API keys secure. Never expose them in client-side code or public repositories.

How to Authenticate

Include your API key in the x-api-key header of every request:

curl -H "x-api-key: pdfsign_your_api_key_here" \
     -H "Content-Type: application/json" \
     https://api.pdf-sign.com/functions/v1/generate-pdf-preview

API Key Format

PDF-Sign API keys follow this format:

pdfsign_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The pdfsign_ prefix helps identify the key type and prevents accidental exposure.

Getting Your API Key

  1. Log in to your PDF-Sign Dashboard
  2. Navigate to the API Keys page
  3. Click "Generate New Key"
  4. Copy and securely store your key

Multiple Keys

You can create multiple API keys for different environments or applications (development, staging, production).

Authentication Examples

cURL

curl -X POST https://api.pdf-sign.com/functions/v1/generate-pdf-preview \
  -H "x-api-key: pdfsign_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"templateId": "...", "variables": {...}}'

JavaScript (fetch)

const response = await fetch('https://api.pdf-sign.com/functions/v1/generate-pdf-preview', {
  method: 'POST',
  headers: {
    'x-api-key': 'pdfsign_your_api_key',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    templateId: 'your-template-id',
    variables: {
      clientName: 'John Doe',
      amount: '1000',
    },
  }),
});

const data = await response.json();

Python (requests)

import requests

response = requests.post(
    'https://api.pdf-sign.com/functions/v1/generate-pdf-preview',
    headers={
        'x-api-key': 'pdfsign_your_api_key',
        'Content-Type': 'application/json',
    },
    json={
        'templateId': 'your-template-id',
        'variables': {
            'clientName': 'John Doe',
            'amount': '1000',
        },
    }
)

data = response.json()

Node.js (axios)

const axios = require('axios');

const response = await axios.post(
  'https://api.pdf-sign.com/functions/v1/generate-pdf-preview',
  {
    templateId: 'your-template-id',
    variables: {
      clientName: 'John Doe',
      amount: '1000',
    },
  },
  {
    headers: {
      'x-api-key': 'pdfsign_your_api_key',
      'Content-Type': 'application/json',
    },
  }
);

Authentication Errors

Status CodeErrorDescription
401UnauthorizedMissing or invalid API key
403ForbiddenAPI key doesn't have access

Error Response Example

{
  "error": "Invalid API key",
  "code": "UNAUTHORIZED",
  "status": 401
}

Security Recommendations

  1. Never commit API keys - Use environment variables instead
  2. Rotate keys regularly - Generate new keys periodically
  3. Use separate keys - Different keys for development and production
  4. Monitor usage - Check the dashboard for unusual activity
  5. Revoke compromised keys - Delete keys immediately if exposed