Authentication

The PaperFox API authenticates with a secret key. Create and manage keys in API Keys. Each key looks like pf_live_… and is shown only once at creation.

Sending the key

Pass your key as a Bearer token on every request:

Authorization: Bearer pf_live_YOUR_KEY

An X-API-Key: pf_live_… header is also accepted.

Keep keys secret

  • Use keys only from your server — never ship them in client-side or mobile code.
  • PaperFox stores only a hash of your key. If you lose it, revoke it and create a new one.
  • Revoking a key takes effect immediately.
Requests with a missing, invalid, or revoked key return 401 invalid_api_key. See Errors.