Authentication
The PaperFox API authenticates with a secret key. Create and manage keys in API Keys. Each key looks like pf_live_… and is shown only once at creation.
Sending the key
Pass your key as a Bearer token on every request:
Authorization: Bearer pf_live_YOUR_KEYAn X-API-Key: pf_live_… header is also accepted.
Keep keys secret
- Use keys only from your server — never ship them in client-side or mobile code.
- PaperFox stores only a hash of your key. If you lose it, revoke it and create a new one.
- Revoking a key takes effect immediately.
Requests with a missing, invalid, or revoked key return
401 invalid_api_key. See Errors.