X-Api-Key header.
API key authentication
dp_ prefix and are created in the API keys settings page.
Example request
Creating API keys
- Go to Settings → API keys in the dashboard
- Click Create API key
- Enter a descriptive name
- Copy the key immediately. It is only shown once
Key scope
API keys are scoped to your organization. A key grants theApiKey.Trigger.Create permission, which allows submitting documents to any active pipe with a webhook trigger in your organization.
Authentication errors
| Status code | Description |
|---|---|
401 Unauthorized | API key is missing, invalid, or deactivated |
403 Forbidden | API key does not have permission for this action |
Security best practices
- Never expose keys in client-side code: API keys should only be used in server-side applications
- Use environment variables: store keys in environment variables or a secrets manager, not in source code
- Rotate keys regularly: create a new key, update your integration, then delete the old key
- Use one key per integration: create separate keys for each application or environment so you can revoke them independently
- Delete unused keys: remove keys that are no longer needed to minimize your attack surface