Authentication
Curacel Doc Extractor API uses API key-based authentication to secure access to our services. This guide will help you understand how to authenticate your requests and manage your API keys.
API Key Authentication
All requests to the Curacel Doc Extractor API must include a valid API key in the request headers. The API key serves as your unique identifier and determines your access level and rate limits.
Header Format
Include your API key in the X-API-Key header:
curl -X POST "https://api.doc-extractor.curacel.co/api/extract" \
-H "X-API-Key: your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"files": [...],
"fields": [...]
}'
Bearer Token Authentication
Alternatively, you can use Bearer token authentication:
curl -X POST "https://api.doc-extractor.curacel.co/api/extract" \
-H "Authorization: Bearer your_bearer_token_here" \
-H "Content-Type: application/json" \
-d '{
"files": [...],
"fields": [...]
}'
Getting Your API Key
1. Sign Up for an Account
Visit our developer portal to create your account.
2. Generate API Key
Once you've signed up, you can generate your API key from the developer dashboard:
- Log in to your account
- Navigate to the API Keys section
- Click "Generate New API Key"
- Copy and securely store your API key
3. Production Environment
The API key is used for the production environment where real document processing occurs.
API Key Security
Best Practices
Keep Your API Key Secret
- Never expose your API key in client-side code
- Don't commit API keys to version control
- Use environment variables to store API keys
Rotate Keys Regularly
- Generate new keys periodically
- Revoke old keys when no longer needed
- Monitor key usage for suspicious activity
Use Environment Variables
# Set environment variable
export DOC_EXTRACTOR_API_KEY="your_api_key_here"
# Use in your application
curl -X POST "https://api.doc-extractor.curacel.co/api/extract" \
-H "X-API-Key: $DOC_EXTRACTOR_API_KEY" \
-H "Content-Type: application/json"
Key Management
- View Active Keys: Check your dashboard for all active API keys
- Revoke Keys: Deactivate compromised or unused keys
- Monitor Usage: Track API usage and rate limits
- Set Permissions: Configure key permissions for different access levels
Rate Limits
API keys are subject to rate limits based on your plan:
| Plan | Requests per Minute | Requests per Day |
|---|---|---|
| Free | 10 | 1,000 |
| Pro | 100 | 10,000 |
| Enterprise | 1,000 | 100,000 |
Rate Limit Headers
The API includes rate limit information in response headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640995200
Error Handling
Authentication Errors
When authentication fails, you'll receive a 401 Unauthorized response:
{
"status": false,
"message": "Invalid API key"
}
Common Authentication Issues
Missing API Key
{
"status": false,
"message": "API key is required"
}Invalid API Key
{
"status": false,
"message": "Invalid API key"
}Expired API Key
{
"status": false,
"message": "API key has expired"
}
Testing Authentication
You can test your API key authentication using a simple request:
curl -X POST "https://api.sandbox.doc-extractor.curacel.co/api/extract" \
-H "X-API-Key: your_sandbox_api_key" \
-H "Content-Type: application/json" \
-d '{
"files": [
{
"type": "url",
"file": {
"name": "test.pdf",
"content": "https://example.com/test.pdf"
}
}
],
"fields": ["test_field"]
}'
A successful response indicates your authentication is working correctly.
Support
If you encounter authentication issues:
- Verify your API key is correct
- Check that you're using the right environment (sandbox vs production)
- Ensure your API key hasn't expired
- Contact support at support@curacel.ai for assistance