Loading…

Features Pricing

Log in Get started

Authorization

Authorization

Concepts

Authorization is determining what an authenticated caller is allowed to do. After authentication (e.g., via API key), the API checks whether the caller may access the requested resource—for example, a specific document, knowledge base, or organization. Access is typically scoped by organization and tenant.

In DocLD

Organization scope — Resources belong to an organization; the API key is tied to that org.
Resource-level — Access to documents, knowledge bases, and workflows is enforced per resource.
Dashboard — Users see only resources they are authorized to access.

Failed authorization returns 403 Forbidden. Authentication must succeed first.

Related Concepts

Authorization follows authentication. API keys are scoped to an organization; tenant and roles can further restrict access.

Related terms

Authentication
API Key
Organization
Tenant

See also

api reference › authentication

Frequently Asked Questions

Authorization determines what an authenticated caller is allowed to do. After authentication via API key, the API checks whether the caller may access the requested resource (document, knowledge base, organization). Access is scoped by organization.

Failed authorization returns 403 Forbidden. Ensure your API key belongs to the organization that owns the resource you are trying to access.

Authentication verifies who you are (API key). Authorization verifies what you can access (e.g., documents in your organization).

Check if DocLD supports scoped API keys (e.g., read-only, or limited to certain knowledge bases). Not all plans may offer this.

Access is typically scoped by organization. Role-based or resource-level permissions may be available in the dashboard or enterprise plans.

Dashboard users are invited to the organization with roles. Admins manage access; API keys are separate from user login.

Yes. You can be a member of multiple organizations and switch context. Each organization has its own resources and API keys.

By default, the key can access all resources in its organization. Scoped keys, if available, limit access to a subset.

Webhooks are outbound from DocLD to your URL. You authorize incoming webhook requests by verifying the signature with your secret.

See the DocLD documentation and glossary for details, and check the API reference for related endpoints and options.

On this page

In DocLD
Related Concepts
Frequently Asked Questions

Product

Features
Pricing
API Reference

Industries

Insurance
Construction
Professional Services
Finance
Energy & Utilities
View all

Company

About
Careers

Resources

Documentation
Blog
Help Center
Status

Legal

Privacy Policy
Terms of Service
Trust

Connect

X
GitHub
Discord

© 2026 DocLD, Inc.SOC audit in progress