Authentication
All API requests to pdfRelay require authentication using an API key passed as a Bearer token in the Authorization header.
Creating API Keys
To create an API key, navigate to the API Keys section in your dashboard:
- 1Log in to your pdfRelay dashboard.
- 2Go to Settings → API Keys.
- 3Click Create New Key and give it a descriptive name (e.g., "Production Server" or "Development").
- 4Copy the key immediately. It will only be shown once.
Using Bearer Tokens
Include your API key in the Authorization header of every request:
curl -X POST https://api.pdfrelay.com/v1/convert \
-H "Authorization: Bearer sk_live_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"html": "<h1>Hello</h1>"}'If no key is provided or the key is invalid, the API will return a 401 Unauthorized response.
Test vs Live Keys
pdfRelay provides two types of API keys for different environments:
| Key Type | Prefix | Purpose | Billing |
|---|---|---|---|
| Test | sk_test_ | Development & testing | Free, does not count toward quota |
| Live | sk_live_ | Production use | Counts toward monthly quota |
Test keys generate valid PDFs but are not billed and do not count against your monthly conversion limit. Use them freely during development.
Key Security Best Practices
- Never expose API keys in client-side code. Always call the pdfRelay API from your server or backend.
- Use environment variables to store keys. Never commit them to version control.
- Rotate keys periodically. You can have multiple active keys to enable zero-downtime rotation.
- Use separate keys for different environments (development, staging, production).
- Revoke compromised keys immediately from the dashboard and generate new ones.