Overview
Integrations should use an API key. Send it on every request using one of the methods below.
| Method | Header |
|---|
| Recommended | x-api-key: <YOUR_API_KEY> |
| Alternative | Authorization: Bearer <YOUR_API_KEY> |
{
"error": "Unauthorized. A valid API key or active session is required.",
"hint": "Pass your API key using the x-api-key header, or Authorization: Bearer <key>."
}
Create an API key
- Open API keys in the dashboard.
- Click Create API key and pick a name (for example
production-billing).
- Copy the key once it appears. You cannot see it again later.
Treat the key like a password. Store it in environment variables or a secrets manager, not in source control.
Examples
curl -X POST https://pdfgorilla.io/api/v1/templates/TEMPLATE_ID/generate \
-H "x-api-key: QFrvc..." \
-H "Content-Type: application/json" \
-d '{"data": {}}' \
--output doc.pdf
Rate limits (API key)
API-key traffic is checked by two limits:
| Check | Limit |
|---|
Generate requests per API key (POST .../generate and API-key calls to POST .../generate-async) | 60 requests per minute |
Async job creation per API key (POST .../generate-async) | 20 new jobs per minute |
x-ratelimit-limit, x-ratelimit-remaining, and x-ratelimit-reset (milliseconds since epoch for the window reset).
See Limits for quotas and job concurrency.
Rotate or revoke a key
Delete keys you no longer need from API keys. Deleted keys stop working immediately. Create a new key before deleting the last one if you need zero downtime.
