API Keys Guide

Learn how to create and manage API keys for programmatic access.

What are API Keys?

API keys allow you to authenticate API requests without using username/password. They're essential for:

• Automated document generation
• Integration with other systems
• Server-to-server communication
• CI/CD pipelines

Creating an API Key

Via Web Interface

1. Navigate to Settings → Developer
2. Click Create API Key
3. Enter a descriptive name (e.g., "Production Server")
4. (Optional) Set expiration date
5. Click Generate
6. Copy the key immediately (it won't be shown again!)

Key Format

dgl_1234567890abcdef1234567890abcdef

All DocGenLab API keys start with dgl_ prefix.

Using API Keys

Authentication Header

Include your API key in the X-API-Key header:

curl -X GET "https://api.docgenlab.com/api/v1/templates/" \
  -H "X-API-Key: dgl_your_key_here"

Example: Generate Document

curl -X POST "https://api.docgenlab.com/api/v1/documents/" \
  -H "X-API-Key: dgl_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "template_id": "abc-123",
    "input_json": {
      "customer_name": "John Doe",
      "amount": 1250.00
    },
    "output_format": "pdf"
  }'

Best Practices

Security

Do:

• Store keys in environment variables
• Use different keys for dev/staging/prod
• Rotate keys regularly
• Set expiration dates

Don't:

• Commit keys to Git
• Share keys in Slack/Email
• Use the same key everywhere
• Expose keys in frontend code

Example: Environment Variables

# .env file (never commit!)
DOCGENLAB_API_KEY=dgl_your_key_here

import os
from docgenlab import DocGenLabClient

api_key = os.getenv('DOCGENLAB_API_KEY')
client = DocGenLabClient(api_key=api_key)

Rate Limits

API keys are subject to rate limits based on your organization plan:

Plan	Requests/Minute	Concurrent Jobs
Trial	10	2
Starter	60	5
Pro	300	20
Enterprise	Custom	Custom

Handling Rate Limits

When you exceed the rate limit, you'll receive a 429 Too Many Requests response:

{
  "detail": "Rate limit exceeded. Try again in 30 seconds."
}

Best Practices:

• Implement exponential backoff
• Cache template data
• Use bulk generation for multiple documents

Revoking Keys

If a key is compromised:

1. Go to Settings → Developer
2. Find the compromised key
3. Click Revoke
4. Generate a new key
5. Update your applications

warning

Revoking a key is immediate and irreversible. All requests using that key will fail.

Monitoring Usage

Track API key usage:

1. Navigate to Settings → Developer
2. View Last Used timestamp
3. Check usage in Audit Logs (Enterprise only)

Examples

See complete code examples:

• Python
• Node.js
• cURL

Next Steps

• Setup Webhooks for async notifications
• API Reference for all endpoints
• View Examples