Authentication
PDFShot uses API keys to authenticate requests. Include your key in the Authorization header.
Using Your API Key
Send your API key as a Bearer token:
Authorization: Bearer pds_your_api_key_here
Full request example:
const response = await fetch('https://convert.pdfshot.com/convert', {
method: 'POST',
headers: {
'Authorization': 'Bearer pds_abc123...',
'Content-Type': 'application/json'
},
body: JSON.stringify({ html: '<h1>Hello</h1>' })
})
import requests
response = requests.post(
'https://convert.pdfshot.com/convert',
headers={
'Authorization': 'Bearer pds_abc123...',
'Content-Type': 'application/json'
},
json={'html': '<h1>Hello</h1>'}
)
payload := map[string]string{"html": "<h1>Hello</h1>"}
body, _ := json.Marshal(payload)
req, _ := http.NewRequest("POST",
"https://convert.pdfshot.com/convert",
bytes.NewBuffer(body))
req.Header.Set("Authorization", "Bearer pds_abc123...")
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, _ := client.Do(req)
require 'net/http'
require 'json'
uri = URI('https://convert.pdfshot.com/convert')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request['Authorization'] = 'Bearer pds_abc123...'
request['Content-Type'] = 'application/json'
request.body = { html: '<h1>Hello</h1>' }.to_json
response = http.request(request)
$ch = curl_init('https://convert.pdfshot.com/convert');
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => [
'Authorization: Bearer pds_abc123...',
'Content-Type: application/json'
],
CURLOPT_POSTFIELDS => json_encode(['html' => '<h1>Hello</h1>'])
]);
$response = curl_exec($ch);
curl -X POST https://convert.pdfshot.com/convert \
-H "Authorization: Bearer pds_abc123..." \
-H "Content-Type: application/json" \
-d '{"html": "<h1>Hello</h1>"}'
Key Format
API keys follow this format:
- Prefix:
pds_ - Length: 40 characters total
- Characters: lowercase letters and numbers
Example: pds_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Managing API Keys
Create a Key
- Sign in to your Dashboard
- Click "Create API Key"
- Give it a descriptive name (e.g., "Production", "Development")
- Copy the key immediately - you won't see it again
Important: Copy your API key when it's shown. For security, we only store a hash of the key and cannot retrieve the original.
Revoke a Key
If a key is compromised:
- Go to your Dashboard
- Find the key by name or prefix
- Click "Revoke"
- The key stops working immediately
Security Best Practices
Do
- Store keys in environment variables
- Use different keys for development and production
- Rotate keys periodically
- Revoke unused keys
Don't
- Commit keys to version control
- Share keys in chat or email
- Expose keys in client-side JavaScript
- Log keys in application logs
Environment Variables
Store your key in an environment variable:
# .env (don't commit this file)
PDFSHOT_API_KEY=pds_your_api_key_here
Access it in your code:
const apiKey = process.env.PDFSHOT_API_KEY
import os
api_key = os.environ.get('PDFSHOT_API_KEY')
apiKey := os.Getenv("PDFSHOT_API_KEY")
api_key = ENV['PDFSHOT_API_KEY']
$apiKey = getenv('PDFSHOT_API_KEY');
echo $PDFSHOT_API_KEY
Error Responses
| Status | Code | Meaning |
|---|---|---|
| 401 | UNAUTHORIZED | Missing or malformed Authorization header |
| 403 | FORBIDDEN | Invalid or revoked API key |
Example error response:
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Missing or invalid Authorization header"
}
}