Skip to main content
All DocIntell API endpoints require authentication using Bearer tokens. This page covers how to obtain, use, and manage your API keys.

API Key Format

DocIntell uses two types of API keys:
Key TypePrefixPurpose
Livedk_live_Production usage, billable
Testdk_test_Development and testing, free
API keys are 51 characters long: an 8-character prefix plus a 43-character base64-encoded token. Example: 
dk_live_K7gNU3sdo-OL0wNhqoVWhr3g6s1xYv72ol_pe_Unols

Using Your API Key

Include your API key in the Authorization header of every request: 
Authorization: Bearer dk_live_YOUR_API_KEY

curl -X GET https://api.docintell.com/v1/documents \
  -H "Authorization: Bearer dk_live_K7gNU3sdo-OL0wNhqoVWhr3g6s1xYv72ol_pe_Unols"

Obtaining API Keys

Via Dashboard

  1. Log in to app.docintell.com
  2. Navigate to SettingsAPI Keys
  3. Click Create API Key
  4. Choose:
    • Name: A descriptive name (e.g., “Production Server”, “CI/CD Pipeline”)
    • Environment: Live or Test
  5. Click Create
Your API key is only shown once upon creation. Copy it immediately and store it securely. If you lose your key, you’ll need to create a new one.

Via API

You can also create API keys programmatically: 
curl -X POST https://api.docintell.com/v1/keys \
  -H "Authorization: Bearer dk_live_YOUR_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "CI/CD Pipeline",
    "environment": "live"
  }'
Response: 
{
  "key_id": "019370ab-1234-7def-8901-234567890abc",
  "name": "CI/CD Pipeline",
  "key_prefix": "dk_live_",
  "key": "dk_live_K7gNU3sdo-OL0wNhqoVWhr3g6s1xYv72ol_pe_Unols",
  "environment": "live",
  "created_at": "2025-12-03T10:30:00Z"
}
The key field contains the full API key and is only included in the creation response. Subsequent API calls will only show the masked key_prefix.

Best Practices

Store Keys Securely

Environment Variables

Store keys in environment variables, never in code.
export DOCINTELL_API_KEY="dk_live_..."

Secret Managers

Use AWS Secrets Manager, GCP Secret Manager, or HashiCorp Vault for production.
Never commit API keys to version control. Add .env files to your .gitignore.

Use Separate Keys per Environment

EnvironmentKey TypePurpose
Developmentdk_test_Local development, no billing
Stagingdk_test_Integration testing
Productiondk_live_Customer-facing workloads

Rotate Keys Regularly

  1. Create a new API key
  2. Update your applications to use the new key
  3. Monitor for any requests using the old key
  4. Delete the old key once migration is complete

Listing API Keys

View all API keys for your tenant: 
curl -X GET https://api.docintell.com/v1/keys \
  -H "Authorization: Bearer dk_live_YOUR_API_KEY"
Response: 
{
  "keys": [
    {
      "key_id": "019370ab-1234-7def-8901-234567890abc",
      "name": "Production Server",
      "key_prefix": "dk_live_",
      "environment": "live",
      "is_active": true,
      "created_at": "2025-12-01T10:30:00Z",
      "last_used_at": "2025-12-03T15:45:00Z"
    }
  ]
}
For security, the full API key is never shown after creation. Only the prefix is displayed.

Error Responses

Missing API Key

{
  "error": "missing_api_key",
  "message": "Authorization header is required"
}
HTTP Status: 401 Unauthorized

Invalid API Key

{
  "error": "invalid_api_key",
  "message": "The provided API key is invalid or has been revoked"
}
HTTP Status: 401 Unauthorized

Malformed Authorization Header

{
  "error": "malformed_auth_header",
  "message": "Authorization header must use Bearer scheme"
}
HTTP Status: 401 Unauthorized

Tenant Isolation

Each API key is associated with a tenant. All resources (documents, jobs, webhooks) are scoped to your tenant and isolated from other customers. DocIntell uses Row-Level Security (RLS) at the database level to enforce strict tenant isolation. Even if a bug exists in the application logic, the database prevents cross-tenant data access.

Rate Limits

API keys are subject to per-tenant rate limits:
OperationLimitWindow
Document Ingestion100 documents1 hour
Job Status Checks1,000 requests1 hour
Rate limit information is returned in response headers: 
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1701612000
See Rate Limits for more details.

Public Endpoints

The following endpoints do not require authentication:
EndpointPurpose
GET /API info and version
GET /healthHealth check
GET /healthzKubernetes-style health check