Authentication
Learn how to authenticate your API requests to RenderDoc.
Overview
RenderDoc API uses API Keys for authentication. API keys are designed for programmatic access and server-to-server communication.
API Key Authentication
How It Works
API Keys are long-lived credentials that allow your application to make authenticated requests to the RenderDoc API. Each request must include your API key in the Authorization header.
Creating an API Key
- Visit the RenderDoc Dashboard and sign in
- Navigate to Settings → API Keys
- Click Create API Key
- Configure your key:
- Name: A descriptive name (e.g., "Production Server")
- Permissions: Select required permissions
- Expiration (optional): Set an expiration date
- Click Create and copy your key immediately
warning
The API key is only shown once. Save it securely!
API Key Format: rd_sk_abc123xyz456...
Using Your API Key
Include your API key in the Authorization header:
curl https://api.renderdoc.dev/api/v1/documents/generate \
-H "Authorization: Bearer rd_sk_abc123xyz456..." \
-H "Content-Type: application/json" \
-d '{
"templateId": "invoice-template",
"format": "pdf",
"variables": { "invoiceNumber": "INV-001" }
}'
Code Examples
JavaScript
const API_KEY = 'rd_sk_abc123xyz456...';
const response = await fetch('https://api.renderdoc.dev/api/v1/documents/generate', {
method: 'POST',
headers: {
'Authorization': `Bearer ${API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
templateId: 'invoice-template',
format: 'pdf',
variables: {
invoiceNumber: 'INV-001',
customerName: 'Acme Corp',
},
}),
});
const data = await response.json();
console.log('Download URL:', data.downloadUrl);
Python
import requests
API_KEY = 'rd_sk_abc123xyz456...'
response = requests.post(
'https://api.renderdoc.dev/api/v1/documents/generate',
headers={
'Authorization': f'Bearer {API_KEY}',
'Content-Type': 'application/json',
},
json={
'templateId': 'invoice-template',
'format': 'pdf',
'variables': {
'invoiceNumber': 'INV-001',
'customerName': 'Acme Corp',
},
},
)
data = response.json()
print('Download URL:', data['downloadUrl'])
Security Best Practices
Do
- Store API keys in environment variables
- Use separate keys for development and production
- Set expiration dates for added security
- Rotate keys regularly (every 90 days)
- Revoke unused keys
Don't
- Commit API keys to version control
- Share API keys via email or chat
- Hardcode keys in client-side code
- Expose keys in public repositories
Error Responses
| Status | Code | Message | Solution |
|---|---|---|---|
| 401 | ERR_AUTH_001 | You are not authorized to access this resource | Include valid Authorization header |
| 401 | ERR_AUTH_004 | Invalid authentication token | Verify your API key is correct |
| 401 | ERR_AKEY_002 | Invalid API key | Check that the API key format is valid |
| 401 | ERR_AKEY_003 | API key has been deactivated | Create a new API key or reactivate the existing one |
| 403 | ERR_AUTH_005 | You do not have permission to perform this action | Check API key permissions |
See Error Codes for the complete error reference.
Next Steps
- Documents API - Generate documents
- Templates API - Manage templates
- Error Codes - Handle errors
Back to API Reference