Authentication

Overview

PageFlow uses API Keys to authenticate requests. All API requests must include a secret API key sent as a Bearer Token in the Authorization header.

You can view and manage your API keys from your PageFlow Dashboard.

1. Getting Your API Key

You can get your API key by signing into the PageFlow Dashboard .

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

2. Using Your API Key

To authenticate a request, provide your API key in the Authorization header. You must use the Bearer authentication scheme.

Header Format: Authorization: Bearer YOUR_API_KEY

You need to replace YOUR_API_KEY with your secret key from the dashboard.

Example Authenticated Request

Here is a cURL example showing how to provide your key when making a request to the /convert endpoint.

curl -X POST \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "url": "[https://example.com](https://example.com)" }' \
  --output example.pdf \
  [https://api.pageflow.dev/convert](https://api.pageflow.dev/convert)

If the API key is missing or invalid, you will receive a 401 Unauthorized error.

Security Best Practices 🔐

Never expose your key on the client-side (e.g., in a browser or mobile app). All API requests should be made from your backend server.

Store your API key securely in an environment variable (e.g., PAGEFLOW_API_KEY) on your server and access it from your code. This prevents the key from being committed to your version control history.