Getting Your API Key
- Sign in to your Doctly dashboard
- Navigate to Settings then API Keys
- Click Create API Key
- Copy and securely store your key
Using Your API Key
Include your API key in theAuthorization header as a Bearer token:
Example Requests
Environment Variables
Store your API key in an environment variable:Authentication Errors
401 Unauthorized
Returned when the API key is missing or invalid:- Missing Authorization header
- Missing Bearer prefix
- Invalid or revoked API key
- Using a test key in production or vice versa
403 Forbidden
Returned when the API key does not have permission for the requested resource:Security Best Practices
Keep Keys Secret
Never expose API keys in client-side code, public repositories, or logs.
Use Environment Variables
Store keys in environment variables or a secrets manager, not in code.
Rotate Regularly
Create new keys periodically and revoke old ones.
Limit Scope
Create separate keys for different environments like development, staging, production.
Managing API Keys
Revoke a Key
If a key is compromised, revoke it immediately in your dashboard:- Go to Settings then API Keys
- Find the key to revoke
- Click Revoke
Revoking a key is immediate and cannot be undone. Any applications using that key will stop working.