Skip to main content
All DocIntell API endpoints require authentication using Bearer tokens. This page covers how to obtain, use, and manage your API keys.

API Key Format

DocIntell uses two types of API keys: API keys are 51 characters long: an 8-character prefix plus a 43-character base64-encoded token. Example:

Using Your API Key

Include your API key in the Authorization header of every request:

Obtaining API Keys

Via Dashboard

  1. Log in to app.docintell.com
  2. Navigate to SettingsAPI Keys
  3. Click Create API Key
  4. Choose:
    • Name: A descriptive name (e.g., “Production Server”, “CI/CD Pipeline”)
    • Environment: Live or Test
  5. Click Create
Your API key is only shown once upon creation. Copy it immediately and store it securely. If you lose your key, you’ll need to create a new one.

Via API

You can also create API keys programmatically:
Response:
The key field contains the full API key and is only included in the creation response. Subsequent API calls will only show the masked key_prefix.

Best Practices

Store Keys Securely

Environment Variables

Store keys in environment variables, never in code.

Secret Managers

Use AWS Secrets Manager, GCP Secret Manager, or HashiCorp Vault for production.
Never commit API keys to version control. Add .env files to your .gitignore.

Use Separate Keys per Environment

Rotate Keys Regularly

  1. Create a new API key
  2. Update your applications to use the new key
  3. Monitor for any requests using the old key
  4. Delete the old key once migration is complete

Listing API Keys

View all API keys for your tenant:
Response:
For security, the full API key is never shown after creation. Only the prefix is displayed.

Error Responses

Missing API Key

HTTP Status: 401 Unauthorized

Invalid API Key

HTTP Status: 401 Unauthorized

Malformed Authorization Header

HTTP Status: 401 Unauthorized

Tenant Isolation

Each API key is associated with a tenant. All resources (documents, jobs, webhooks) are scoped to your tenant and isolated from other customers. DocIntell uses Row-Level Security (RLS) at the database level to enforce strict tenant isolation. Even if a bug exists in the application logic, the database prevents cross-tenant data access.

Rate Limits

API keys are subject to per-tenant rate limits: Rate limit information is returned in response headers:
See Rate Limits for more details.

Public Endpoints

The following endpoints do not require authentication: