Authentication

All API requests require authentication via an API key.

API Key Format

API keys follow the format pd_live_ followed by 32 hex characters:

pd_live_a3b2c4d5e6f7890123456789abcdef01

Using Your API Key

Pass your API key in the Authorization header as a Bearer token:

curl -X POST https://pixdoc.dev/api/v1/pdf \
-H "Authorization: Bearer pd_live_a3b2c4d5..." \
-H "Content-Type: application/json" \
-d '{"html": "<h1>Hello</h1>"}'

Supported Endpoints

All versioned API endpoints accept API key authentication:

Managing Keys

• Create keys at Dashboard → API Keys
• Keys can be revoked at any time. Revoked keys immediately stop working
• You can create multiple keys for different environments (production, staging, development)
• The full key is shown only once at creation. Store it securely

Rate Limits

Your plan determines how many renders you can make per month:

When you exceed your limit, requests return a 429 status with error code RATE_LIMITED. The X-Renders-Remaining response header shows how many renders you have left.

Paid plans support overage billing at $0.01 per render beyond the included amount. The Free plan is hard-capped at 100 renders.

Error Responses

Authentication failures return JSON with an error code:

{
  "error": "UNAUTHORIZED",
  "message": "Invalid or missing API key"
}

Security Best Practices

• Never commit API keys to version control
• Use environment variables in your application
• Create separate keys for production and development
• Revoke unused or compromised keys immediately
• Rotate keys periodically for sensitive applications