Authentication

API Keys Planned

DocuStack uses API keys for authentication. Include your key in the Authorization header of every request.

curl https://api.docustack.com/v1/documents \
  -H "Authorization: Bearer dk_live_your_api_key_here"

import requests

headers = {"Authorization": "Bearer dk_live_your_api_key_here"}
response = requests.get(
    "https://api.docustack.com/v1/documents",
    headers=headers,
)

const response = await fetch('https://api.docustack.com/v1/documents', {
  headers: { 'Authorization': 'Bearer dk_live_your_api_key_here' },
});

Key Types

DocuStack will provide two types of API keys:

Key Type	Prefix	Usage
Live	`dk_live_`	Production requests
Test	`dk_test_`	Development and testing

Test keys operate against a sandboxed environment and will not affect your production data.

Obtaining Keys

API keys will be available from the Settings > API section of your DocuStack dashboard once the API launches.

Security Best Practices

Never expose keys in client-side code. API keys should only be used in server-side applications.
Rotate keys periodically. You will be able to generate new keys and revoke old ones from the dashboard.
Use environment variables. Store keys in environment variables rather than hardcoding them.

export DOCUSTACK_API_KEY="dk_live_your_api_key_here"

import os

api_key = os.environ["DOCUSTACK_API_KEY"]

const apiKey = process.env.DOCUSTACK_API_KEY;

Error Responses

Authentication failures return a 401 Unauthorized status:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key."
  }
}