PromptPDF

Documentation

Learn how to use PromptPDF effectively

API Authentication

All requests to the PromptPDF API require authentication. This page explains how to authenticate your API requests.

API Keys

PromptPDF uses API keys to authenticate requests. You can generate and manage your API keys from your account dashboard.

Generating an API Key

  1. Log in to your PromptPDF account
  2. Navigate to Settings > API Keys
  3. Click "Generate New API Key"
  4. Give your key a name (e.g., "Development", "Production")
  5. Set permissions for the key (if applicable)
  6. Click "Create API Key"
  7. Copy and securely store your API key - it will only be shown once

Security Warning

Keep your API keys secure and never expose them in client-side code. If a key is compromised, revoke it immediately and generate a new one.

Authentication Methods

PromptPDF supports two methods for API authentication:

Bearer Token Authentication

The recommended method is to include your API key in the Authorization header as a Bearer token:

Authorization: Bearer YOUR_API_KEY

Example Request with Bearer Token

// Using fetch API
const response = await fetch('https://api.promptpdf.com/v1/generate', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer YOUR_API_KEY'
  },
  body: JSON.stringify({
    prompt: 'Write a formal letter requesting a refund',
    template: 'formal-letter',
    modelType: 'qwen',
    format: 'pdf'
  })
});

Query Parameter Authentication

Alternatively, you can include your API key as a query parameter:

https://api.promptpdf.com/v1/generate?api_key=YOUR_API_KEY

This method is less secure and should only be used when you cannot modify headers.

API Key Permissions

When generating an API key, you can set specific permissions:

  • Read Only: Can only access GET endpoints
  • Generate: Can generate documents but not access account settings
  • Full Access: Can access all API endpoints

Rate Limits

API requests are subject to rate limiting based on your subscription plan:

  • Free tier: 100 requests per day
  • Basic tier: 1,000 requests per day
  • Professional tier: 10,000 requests per day
  • Enterprise tier: Custom limits

Rate limit information is included in the response headers:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 950
X-RateLimit-Reset: 1625097600

Error Responses

If authentication fails, the API will return a 401 Unauthorized response:

{
  "success": false,
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key or insufficient permissions"
  }
}

Best Practices

  • Use environment variables to store API keys in your applications
  • Never hardcode API keys in your source code
  • Use different API keys for development and production environments
  • Implement proper error handling for authentication failures
  • Regularly rotate your API keys for enhanced security
  • Set the minimum required permissions for each API key

Next Steps

Now that you understand how to authenticate with the API, learn how to: