Authentication
All API requests require authentication using an API key. This guide explains how to obtain and use API keys securely.
Obtaining an API Key
- Sign in to your Structurify Dashboard
- Navigate to Settings → API Keys
- Click Create API Key
- Copy and store the key securely - it will only be shown once
API keys grant access to your account. Never commit them to version control or expose them in client-side code.
Using API Keys
Include your API key in every request using one of these methods:
Authorization Header (Recommended)
Authorization: Bearer sk_live_your_api_key
X-API-Key Header
X-API-Key: sk_live_your_api_key
SDK Configuration
- Python
- Node.js
- Environment
import os
from structurify import Structurify
# Recommended: Use environment variable
client = Structurify(api_key=os.environ['STRUCTURIFY_API_KEY'])
# Or pass directly (not recommended for production)
client = Structurify(api_key="sk_live_your_api_key")
import { Structurify } from '@structurify/sdk';
// Recommended: Use environment variable
const client = new Structurify({
apiKey: process.env.STRUCTURIFY_API_KEY!,
});
// Or pass directly (not recommended for production)
const client = new Structurify({
apiKey: 'sk_live_your_api_key',
});
# Linux/macOS
export STRUCTURIFY_API_KEY=sk_live_your_api_key
# Windows (PowerShell)
$env:STRUCTURIFY_API_KEY="sk_live_your_api_key"
# .env file
STRUCTURIFY_API_KEY=sk_live_your_api_key
API Key Format
API keys follow this format:
sk_live_<32_random_characters>
Example: sk_live_abc123def456ghi789jkl012mno345
Security Best Practices
- Use environment variables - Never hardcode API keys
- Rotate keys periodically - Generate new keys and deprecate old ones
- Use separate keys - Different keys for development and production
- Monitor usage - Check your dashboard for unexpected activity
- Revoke compromised keys - Immediately revoke any exposed keys
Rate Limits
Each API key has associated rate limits:
| Limit | Default |
|---|---|
| Requests per minute | 60 |
| Requests per day | 10,000 |
Rate limit headers are included in every response:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed |
X-RateLimit-Remaining | Requests remaining |
X-RateLimit-Reset | Unix timestamp when limit resets |
When rate limited, you'll receive a 429 Too Many Requests response with a Retry-After header.
Credits
API usage consumes credits from your organization's balance:
- 1 credit = 1 document extracted
Check your credit balance in the Structurify Dashboard.
Revoking API Keys
To revoke a compromised API key:
- Go to Structurify Dashboard
- Navigate to Settings → API Keys
- Click Revoke next to the key
Revoked keys immediately stop working. Generate a new key and update your applications.