API keys
Carbone Cloud API Keys
Use API keys to authenticate API requests.
Carbone authenticates your API requests using your account’s API keys: send the API key as the value of the `Authorization` header.
If a request doesn’t include a valid key, the Carbone API returns an invalid request error (Status 401).
If a request includes a deleted or expired key, the Carbone API returns an authentication error (Status 401).
You can use the Account dashboard to reveal and roll API keys.
Test versus Production keys
API Key type | When to use | File export supported | Effect on document generation | Effect on templates storage | Considerations |
---|---|---|---|---|---|
Test key | For testing purposes: use the test API keys as you build your integration | PDF only (with a watermark) | When generating a document with | When adding a template on your storage with | If the export format is not |
Production key | For production purposes: use the Production API key when you’re ready to launch your integration | All file formats (without watermark) | When generating a document with | When adding a template on your storage with | The |
Keep your keys safe 🔒
Anyone who holds your Production secret API key can make any API call on behalf of your account, such as creating a report or deleting templates. Keep your keys safe by following these best practices:
- Grant Administration access to your Carbone account only to those who need it.
- Don’t store keys in a version control system.
- Control access to keys with a password manager or secrets management service.
- Don’t embed a key where it could be exposed to an attacker, such as in a mobile application.
Delete an API key
It is not possible to delete an API key, but you can roll the API key. After generating a new key, any code that used the previous key can no longer make API calls.
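The sketch below is an added example, not Carbone's own code. It ties together the "Keep your keys safe" advice and key rolling: the key is read from a secret source at run time rather than hardcoded, sent as the `Authorization` header value, and reloaded once when the API answers 401. The environment variable name `CARBONE_API_KEY`, the class and function names, the request path, and the injected `transport` callable are all assumptions made for illustration.

```python
import os

class KeyRejected(Exception):
    """The API answered 401 and no newer key is available."""

def env_key_source(var="CARBONE_API_KEY", environ=os.environ):
    # Hypothetical variable name, filled in by a secrets manager at deploy
    # time so the key never sits in source control.
    def read():
        key = environ.get(var, "").strip()
        if not key:
            raise KeyRejected(f"{var} is not set")
        return key
    return read

class KeyedClient:
    def __init__(self, key_source, transport):
        self._key_source = key_source  # callable returning the current key
        self._transport = transport    # callable(method, path, headers) -> (status, body)
        self._key = None

    def __repr__(self):
        return "KeyedClient(key=<redacted>)"  # keep the key out of logs

    def _send(self, method, path):
        return self._transport(method, path, {"Authorization": self._key})

    def request(self, method, path):
        if self._key is None:
            self._key = self._key_source()
        status, body = self._send(method, path)
        if status != 401:
            return status, body
        # 401: the key is invalid, expired, or was rolled. Reload it once.
        fresh = self._key_source()
        if fresh == self._key:
            raise KeyRejected("401 from API and the key source has no newer key")
        self._key = fresh
        status, body = self._send(method, path)
        if status == 401:
            raise KeyRejected("401 from API even after reloading the key")
        return status, body

if __name__ == "__main__":
    env = {"CARBONE_API_KEY": "constructed-key-2"}   # constructed sample value
    def fake_transport(method, path, headers):       # stands in for the HTTP call
        ok = headers["Authorization"] == "constructed-key-2"
        return (200, "ok") if ok else (401, "unauthorized")
    client = KeyedClient(env_key_source(environ=env), fake_transport)
    print(client.request("GET", "/constructed-path"), client)
```

Failing fast with `KeyRejected` instead of retrying in a loop keeps a rolled or leaked key from producing a stream of 401 responses, and the error messages and `repr` never contain the key itself.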
Updated on: 01/26/2024