Authentication

Learn how to authenticate your API requests using API keys.

Overview

Shablonix API uses API keys to authenticate requests. You can create and manage your API keys from the dashboard. All API requests must include a valid API key in the Authorization header.

We provide two types of API keys:

Live keys - Use in production environments. Requests are billed to your account.
Test keys - Use for development and testing. Generated documents have a watermark.

Creating API Keys

Follow these steps to create a new API key:

1 Log in to your Shablonix Dashboard
2 Navigate to Settings → API Keys
3 Click Create New Key
4 Choose the key type (Live or Test) and add an optional description
5 Copy your new API key and store it securely

Store Your Key Securely

API keys are only shown once when created. Make sure to copy and store your key in a secure location. If you lose your key, you will need to create a new one.

API Key Format

API keys follow a specific format that indicates their type and environment:

Type	Prefix	Example	Use Case
Live	`tf_live_`	`tf_live_abc123xyz...`	Production
Test	`tf_test_`	`tf_test_def456uvw...`	Development

The full API key is 51 characters long and consists of:

- Prefix: tf_live_ or tf_test_ (8 characters)
- Random identifier: 43 alphanumeric characters

Authentication Header

Include your API key in the Authorization header of every request using the Bearer token format:

			
				Authorization: Bearer tf_live_your_api_key_here

Never Expose Your API Key

Never include your API key in client-side code, public repositories, or anywhere it could be accessed by unauthorized users. Always make API calls from your server.

Code Examples

Here are examples of how to authenticate API requests in different languages:

cURL

			
				curl -X GET https://api.shablonix.com/v1/templates \
  -H "Authorization: Bearer tf_live_your_api_key" \
  -H "Content-Type: application/json"

Node.js

			
				// Using fetch
const response = await fetch('https://api.shablonix.com/v1/templates', {
  headers: {
    'Authorization': 'Bearer tf_live_your_api_key',
    'Content-Type': 'application/json'
  }
});

// Using the SDK (recommended)
import { Shablonix } from '@shablonix/sdk';

const client = new Shablonix('tf_live_your_api_key');
const templates = await client.templates.list();

Python

			
				# Using requests
import requests

headers = {
    'Authorization': 'Bearer tf_live_your_api_key',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.shablonix.com/v1/templates',
    headers=headers
)

# Using the SDK (recommended)
from shablonix import Shablonix

client = Shablonix('tf_live_your_api_key')
templates = client.templates.list()

Go

			
				package main

import (
    "net/http"
)

func main() {
    client := &http.Client{}
    req, _ := http.NewRequest("GET", "https://api.shablonix.com/v1/templates", nil)
    req.Header.Set("Authorization", "Bearer tf_live_your_api_key")
    req.Header.Set("Content-Type", "application/json")

    resp, _ := client.Do(req)
    defer resp.Body.Close()
}

Security Best Practices

Follow these guidelines to keep your API keys secure:

Use Environment Variables

Store API keys in environment variables, never in source code.

			
				# .env file (add to .gitignore)
SHABLONIX_API_KEY=tf_live_your_api_key

# Access in Node.js
const apiKey = process.env.SHABLONIX_API_KEY;

# Access in Python
import os
api_key = os.environ.get('SHABLONIX_API_KEY')

Rotate Keys Regularly

Create new API keys periodically and revoke old ones. This limits the impact if a key is compromised.

Use Separate Keys per Environment

Use test keys for development and staging, and live keys only in production.

Monitor Key Usage

Regularly review API usage in your dashboard to detect any unauthorized access.