Authentication
All API requests require authentication via an API key or JWT token passed in the Authorization header.
API Key Authentication
Authorization: Bearer dp_live_abc123def456
API keys are created in the DocPayload dashboard under Settings > API Keys.
Key types
| Type | Prefix | Use case |
|---|---|---|
| Live | dp_live_ | Production requests |
| Test | dp_test_ | Development and testing (no billing) |
Security best practices
- Store API keys in environment variables, never in source code
- Use test keys during development
- Rotate keys periodically via the dashboard
- Restrict keys to specific IP addresses when possible
JWT Token Authentication
For server-to-server integrations, you can authenticate using JWT tokens obtained from the OAuth 2.0 flow.
Authorization: Bearer eyJhbGciOiJSUzI1NiIs...
Contact support for OAuth 2.0 client credentials setup.
Error responses
| Status | Description |
|---|---|
401 Unauthorized | Missing or invalid API key |
403 Forbidden | API key does not have permission for this resource |
429 Too Many Requests | Rate limit exceeded |