How to PDF API Authentication

Every API request to SublimePDF requires authentication via an API key. Proper authentication keeps your account secure, prevents unauthorized PDF generation, and ensures your usage is correctly tracked. This guide covers how to generate keys, include them in requests, rotate credentials, and handle authentication errors.

Follow the step-by-step instructions below, then use the free tool directly — no registration or download required.

Open Tool →

How to PDF API Authentication — Step by Step

1

Generate an API key

Log in to the SublimePDF dashboard and navigate to Settings → API Keys. Click 'Create New Key,' give it a descriptive name (e.g., 'production-backend' or 'staging-server'), and copy the key immediately — it won't be shown again.

2

Include the key in requests

Add an Authorization header to every API request: Authorization: Bearer sk_live_your_api_key_here. This works across all endpoints — PDF generation, template management, batch processing, and webhook configuration.

3

Store keys securely

Never hardcode API keys in source files. Use environment variables (SUBLIMEPDF_API_KEY), secret management services (AWS Secrets Manager, Vault, Doppler), or your platform's encrypted config (Vercel Environment Variables, Heroku Config Vars).

4

Set key permissions and scopes

When creating a key, assign scopes to limit its capabilities. A key with only 'pdf:generate' scope cannot manage templates or access account settings. Use the principle of least privilege — give each key only the permissions it needs.

5

Rotate keys regularly

Create a new key, update your application configuration to use it, verify the new key works, then deactivate the old key. This limits exposure if a key is accidentally leaked.

Pro Tips

  • 💡 Create separate API keys for each environment (development, staging, production) and each service that calls the API — this makes it easy to revoke a single key without affecting other systems.
  • 💡 Use the x-sandbox: true header with your live key during development — it generates watermarked PDFs that don't count against your quota, so you don't need a separate sandbox key.
  • 💡 If you accidentally commit an API key to a public repository, revoke it immediately from the dashboard and generate a new one. Treat leaked keys as compromised.
  • 💡 Set up key expiration dates for contractor or temporary access — keys auto-deactivate when they expire, so you don't need to remember to revoke them.

Privacy & Security

All processing happens directly in your browser. Your files are never uploaded to any server — they remain on your device throughout the entire process. SublimePDF uses WebAssembly technology for fast, secure, client-side processing.

Works Everywhere

This tool works on any modern browser — Chrome, Firefox, Safari, or Edge — on desktop, tablet, or mobile. No software to install. PDF is an open ISO standard supported by all major platforms.

How to PDF API Authentication — FAQ

What happens if I send a request without an API key?
The API returns a 401 Unauthorized response with { "error": "missing_api_key", "message": "Include your API key in the Authorization header as 'Bearer sk_live_...'" }. No PDF is generated.
Can I use the API key as a query parameter instead of a header?
No. API keys must be sent in the Authorization header for security. Query parameters appear in server logs, browser history, and CDN caches, making them unsafe for credentials.
How many API keys can I create?
You can create up to 25 active API keys per account. Each key can have different scopes and expiration dates. Deactivated keys don't count toward the limit.
Is there a difference between live and test keys?
Keys prefixed with sk_live_ are production keys that count against your quota. There isn't a separate test key prefix — instead, use the x-sandbox: true header with any live key for testing.

Related Converters

📄📝

PDF to Word

Free online converter

📄📊

PDF to Excel

Free online converter

📄📽️

PDF to PowerPoint

Free online converter

Related Guides

How to PDF API Error Handling

Robust error handling is the difference between a production PDF service that recovers gracefully and one that drops documents silently. SublimePDF's API uses standard HTTP status codes and structured JSON error responses so your application can diagnose failures, retry safely, and present meaningful messages to end users.

How to PDF API Rate Limits

Rate limits protect the SublimePDF API from abuse and ensure fair resource allocation across all users. Understanding your plan's rate limits, monitoring your usage, and implementing proper throttling prevents disruptions in your PDF generation workflow. This guide explains rate limit tiers, response headers, and strategies for staying within limits.

How to Convert HTML To PDF

Converting HTML to PDF is a core workflow for developers, marketers, and anyone who needs a permanent, printable snapshot of web content. Whether you're archiving a webpage, generating reports from a web app, saving receipts from online purchases, or creating documentation from HTML templates, PDF conversion captures the visual layout, links, and styling in a portable format.

Ready to get started?

Use SublimePDF's free tools right now.

Open Tool