API keys let you authenticate programmatic requests to the DocPipe API, such as triggering pipelines via the HTTP trigger.
Creating an API key
- Go to Settings → API keys
- Click Create API key
- Enter a descriptive name (for example, “Production integration”)
- Optionally set an expiration date — the key will automatically stop working after this date. If left blank, the key does not expire
- Click Create
- Copy the key immediately: it is only shown once
Store your API key securely. You cannot retrieve the full key after creation. If you lose it, you must create a new one.
dp_ prefix followed by a unique identifier:
dp_a1b2c3d4e5f6g7h8i9j0...
Using your API key
Include the key in the X-Api-Key header of your API requests:
curl -X POST "https://api.docpipe.ai/pipes/{pipeId}/http-trigger" \
-H "X-Api-Key: dp_your_api_key_here" \
-F "file=@document.pdf"
Key scope
API keys are scoped to your organization. A key can access any pipe in the organization that has an HTTP trigger configured. The key carries the ApiKeyAuth.Trigger.Create permission, allowing it to submit files to any active pipe’s HTTP trigger.
Managing keys
Deactivating a key
Deactivate a key to temporarily disable it without deleting it. Requests using a deactivated key receive a 401 error.
Deleting a key
Delete a key to permanently revoke it. This action cannot be undone.
Security best practices
- Rotate keys regularly: create a new key, update your integrations, then delete the old key
- Use descriptive names: name keys after their purpose (for example, “CI/CD pipeline”, “Production app”)
- Never commit keys to source control: use environment variables or a secrets manager
- Delete unused keys: remove keys that are no longer in use
- Monitor usage: review your runs to detect unexpected API activity
