API Keys
API keys authenticate programmatic access to the DocLD API. Key management (create, list, update, delete, rotate) is done only in the dashboard.
Managing API Keys
Create and manage API keys in the dashboard:
- Open Settings → API Keys (or use the API Keys link in the sidebar).
- Click Create API Key to generate a new key.
- Copy the key immediately—the full value is shown only once.
- Use Edit, Rotate, or Revoke from the list as needed.
There is no REST API for key management; use the dashboard for all create, list, update, delete, and rotate operations.
Using API Keys
Include your API key in the Authorization header on API requests:
Authorization: Bearer docld_YOUR_KEY_SUFFIXSee Authentication for details and Overview for base URL and rate limits.
Key Properties
| Property | Description |
|---|---|
name | Descriptive name for the key |
tier | Access tier: free, standard, premium |
rate_limit_rpm | Requests per minute limit |
rate_limit_rpd | Requests per day limit |
expires_at | Optional expiration date (ISO 8601) |
organization_id | Scope key to an organization (optional) |
Key Tiers
| Tier | RPM | RPD | Features |
|---|---|---|---|
free | 100 | 10,000 | Basic access |
standard | 1,000 | 100,000 | All features |
premium | 10,000 | 1,000,000 | Priority support, higher limits |
Key Format
API keys use the prefix docld_ followed by a secret suffix. The dashboard shows a short prefix (e.g. docld_abc12...) for identification; the full key is only shown at creation or after rotation.
Security Best Practices
- Rotate regularly — Rotate keys every 90 days (dashboard: select key → Rotate).
- Use specific names — Name keys by purpose (e.g. “Production API”, “CI/CD Pipeline”).
- Set expiration — Use expiration dates for temporary access.
- Scope to organizations — Use organization-scoped keys for team resources.
- Monitor usage — Review usage statistics in the dashboard.
- Revoke unused keys — Delete keys that are no longer needed.
See also: Authentication, Overview.
Last updated on