Getting started

Authentication

Create an API key and sign your requests.

Every call to https://api.pdf-forge.dev/v1/* is authenticated with an API key sent as a Bearer token:

Authorization: Bearer pf_live_xxxxxxxxxxxxxxxxxxxxxxxx

Key types

PrefixTypeBehaviour
pf_live_Live keyProduction. Rate-limited per plan, counts against your monthly quota.
pf_test_Test keyDevelopment. Exempt from per-minute rate limiting.

The key is shown only once

The full key appears a single time, at creation. Only the prefix (pf_live_a1b2c3d4...) is stored and displayed afterwards. Copy it into a secret manager immediately.

Create a key

Create your first key from the dashboard (API keys). You can also manage keys by API once you have one:

curl -X POST https://api.pdf-forge.dev/v1/keys \
  -H "Authorization: Bearer $PDFFORGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "name": "CI pipeline", "isTest": false }'

Returns 201 with id, key (full key — only time you see it), prefix, name, isTest, rateLimit and createdAt.

curl https://api.pdf-forge.dev/v1/keys \
  -H "Authorization: Bearer $PDFFORGE_API_KEY"

Returns { "keys": [...] } — prefix, name, rate limit, lastUsedAt, revokedAt, never the full key.

curl -X POST https://api.pdf-forge.dev/v1/keys/KEY_ID/rotate \
  -H "Authorization: Bearer $PDFFORGE_API_KEY"

Revokes the old key and returns a brand-new one (key field, shown once).

curl -X DELETE https://api.pdf-forge.dev/v1/keys/KEY_ID \
  -H "Authorization: Bearer $PDFFORGE_API_KEY"

The key stops working immediately.

The number of active keys is capped by your plan (1 on Free, up to 100 on Enterprise) — see Errors & limits.

Use the key

export PDFFORGE_API_KEY="pf_live_..."

curl -X POST https://api.pdf-forge.dev/v1/generate/html \
  -H "Authorization: Bearer $PDFFORGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "html": "<h1>Hello</h1>" }' \
  --output hello.pdf
import { PDFForge } from "@pdfforge/core";

// Reads the key from an environment variable — never hardcode it.
const client = new PDFForge(process.env.PDFFORGE_API_KEY!);

The SDK validates the prefix at construction: a key that does not start with pf_live_ or pf_test_ throws immediately.

Authentication errors

All auth failures return 401 with a JSON body:

errorCause
unauthorizedMissing or malformed Authorization header.
invalid_key_formatToken does not start with pf_live_ / pf_test_.
invalid_keyKey not found or revoked.
{
  "error": "unauthorized",
  "message": "Missing or invalid Authorization header",
  "hint": "Use: Authorization: Bearer pf_live_xxxxx"
}

Next steps

On this page