Getting Started
Authentication
DocumentFlowAI uses API keys for authentication. All requests must include a valid key via the Authorization header.
API Key Format
All API keys are prefixed with af_ followed by 40 alphanumeric characters. Keys are stored as SHA-256 hashes — we never store the raw key, and it is shown only once at creation.
af_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxSending Your Key
Include your key as a Bearer token in the Authorization header of every request.
bash
curl https://api.documentflowai.com/v1/extract \
-H "Authorization: Bearer af_YOUR_API_KEY_HERE" \
-F "[email protected]"Never expose your key:Do not include API keys in frontend code, browser requests, or public repositories. Always proxy through your backend server.
Python Example
client.py
import requests
API_KEY = "af_YOUR_API_KEY_HERE"
response = requests.post(
"https://api.documentflowai.com/v1/extract",
headers={"Authorization": f"Bearer {API_KEY}"},
files={"file": open("invoice.pdf", "rb")},
)
print(response.json())Node.js Example
client.ts
const API_KEY = "af_YOUR_API_KEY_HERE";
const form = new FormData();
form.append("file", new Blob([fs.readFileSync("invoice.pdf")]), "invoice.pdf");
const res = await fetch(
"https://api.documentflowai.com/v1/extract",
{
method: "POST",
headers: { Authorization: `Bearer ${API_KEY}` },
body: form,
}
);
console.log(await res.json());401 Unauthorized
If your key is missing, malformed, or revoked, the API returns a 401 response:
error response
{
"detail": {
"error": "invalid_api_key",
"message": "Invalid or inactive API key"
}
}