Authorization request header. DocInject supports two token types: API keys for server-to-server integrations, and session tokens issued by the DocInject web app. For most integrations, you’ll use an API key.
Base URL
All API v1 endpoints are served from:Token types
API keys
API keys
API keys are long-lived credentials you create in the DocInject dashboard. They’re designed for server-to-server integrations, CI pipelines, internal tooling, webhooks, and scripts that act on your organization’s behalf.
- Created in Settings → API Keys
- Never expire until you delete them
- Scoped to your organization
- The raw key value is shown only once at creation. Copy it immediately.
Session tokens
Session tokens
Session tokens are short-lived JWTs issued by the DocInject web application after a user logs in. The web app uses these automatically on every request.You don’t need session tokens to build integrations. Use an API key instead.
How to authenticate
Include your token as a Bearer value in theAuthorization header on every request:
Authorization header is missing or malformed, the API returns:
Get your API key
1
Open Settings
In the DocInject dashboard, navigate to Settings → API Keys.
2
Create a new key
Click Create API key, give it a descriptive name (for example,
ci-pipeline or zapier-integration), and confirm.3
Copy immediately
The full key value is displayed only once. Copy it now and store it in a secrets manager or environment variable. DocInject does not store the raw key.
Your organization’s
org_slug appears in Settings → Organization. You’ll need it for org-scoped endpoints throughout the API.
