API keys let you authenticate programmatic requests to the DocPipe API, such as triggering pipelines via the webhook trigger.
Creating an API key
- Go to Settings → API keys
- Click New API Key
- Enter a descriptive name (for example, “Production integration”)
- Optionally set an expiration date. The key will automatically stop working after this date. If left blank, the key does not expire
- Click Create
- Copy the key immediately: it is only shown once
Store your API key securely. You cannot retrieve the full key after creation. If you lose it, you must create a new one.
dp_ prefix followed by a unique identifier:
dp_a1b2c3d4e5f6g7h8i9j0...
Using your API key
Include the key in the X-Api-Key header of your API requests:
curl -X POST "https://api.docpipe.ai/pipes/{pipeId}/trigger" \
-H "X-Api-Key: dp_your_api_key_here" \
-F "file=@document.pdf"
Key scope
API keys are scoped to your organization. A key can access any pipe in the organization that has a webhook trigger configured. The key carries the ApiKeyAuth.Trigger.Create permission, allowing it to submit documents to any active pipe’s webhook trigger.
Managing keys
Deactivating a key
Deactivate a key to temporarily disable it without deleting it. Requests using a deactivated key receive a 401 error.
Deleting a key
Delete a key to permanently revoke it. This action cannot be undone.
Security best practices
- Rotate keys regularly: create a new key, update your integrations, then delete the old key
- Use descriptive names: name keys after their purpose (for example, “CI/CD pipeline”, “Production app”)
- Never commit keys to source control: use environment variables or a secrets manager
- Delete unused keys: remove keys that are no longer in use
- Monitor usage: review your runs to detect unexpected API activity
