Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.docinject.com/llms.txt

Use this file to discover all available pages before exploring further.

All protected DocInject API endpoints require a Bearer token in the Authorization request header. DocInject supports two token types: API keys for server-to-server integrations, and session tokens issued by the DocInject web app. For most integrations, you’ll use an API key.

Base URL

All API v1 endpoints are served from: 
https://api.docinject.io/api/v1

Token types

API keys are long-lived credentials you create in the DocInject dashboard. They’re designed for server-to-server integrations — CI pipelines, internal tooling, webhooks, and scripts that act on your organization’s behalf.
  • Created in Settings → API Keys
  • Never expire until you delete them
  • Scoped to your organization
  • The raw key value is shown only once at creation — copy it immediately
Session tokens are short-lived JWTs issued by the DocInject web application after a user logs in. The web app uses these automatically on every request.You don’t need session tokens to build integrations. Use an API key instead.

How to authenticate

Include your token as a Bearer value in the Authorization header on every request: 
curl https://api.docinject.io/api/v1/documents \
  -H "Authorization: Bearer YOUR_API_KEY"
If the Authorization header is missing or malformed, the API returns: 
HTTP 401 Unauthorized

{
  "detail": "Missing or invalid authorization header"
}

Get your API key

1

Open Settings

In the DocInject dashboard, navigate to Settings → API Keys.
2

Create a new key

Click Create API key, give it a descriptive name (for example, ci-pipeline or zapier-integration), and confirm.
3

Copy immediately

The full key value is displayed only once. Copy it now and store it in a secrets manager or environment variable. DocInject does not store the raw key.
Keep your API keys secret. Never commit them to source control or expose them in client-side code. If a key is compromised, delete it immediately in Settings → API Keys and create a replacement.

Public endpoint (no auth required)

One endpoint is publicly accessible without a token — fetching a published document by share token: 
GET /api/v1/public/{org_slug}/documents/{token}
This returns the published content of a document that has been shared via a share link. No Authorization header is needed.
Your organization’s org_slug appears in Settings → Organization. You’ll need it for org-scoped endpoints throughout the API.