Authentication
Learn how to authenticate your API requests to Rynko.
Overview
Rynko API uses API Keys for authentication. API keys are designed for programmatic access and server-to-server communication.
API Key Authentication
How It Works
API Keys are long-lived credentials that allow your application to make authenticated requests to the Rynko API. Each request must include your API key in the Authorization header.
Creating an API Key
- Visit the Rynko Dashboard and sign in
- Navigate to Settings → API Keys
- Click Create API Key
- Configure your key:
- Name: A descriptive name (e.g., "Production Server")
- Permissions: Select required permissions
- Expiration (optional): Set an expiration date
- Click Create and copy your key immediately
warning
The API key is only shown once. Save it securely!
API Key Format: fm_abc123xyz456...
Using Your API Key
Include your API key in the Authorization header:
curl https://api.rynko.dev/api/documents/generate \
-H "Authorization: Bearer fm_abc123xyz456..." \
-H "Content-Type: application/json" \
-d '{
"templateId": "invoice-template",
"format": "pdf",
"variables": { "invoiceNumber": "INV-001" }
}'
Code Examples
JavaScript
const API_KEY = 'fm_abc123xyz456...';
// Step 1: Queue the document generation (async)
const response = await fetch('https://api.rynko.dev/api/documents/generate', {
method: 'POST',
headers: {
'Authorization': `Bearer ${API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
templateId: 'invoice-template',
format: 'pdf',
variables: {
invoiceNumber: 'INV-001',
customerName: 'Acme Corp',
},
}),
});
const job = await response.json();
console.log('Job ID:', job.jobId); // e.g. "job_abc123"
console.log('Status:', job.status); // "queued"
// Step 2: Poll for completion
const statusResponse = await fetch(job.statusUrl, {
headers: { 'Authorization': `Bearer ${API_KEY}` },
});
const result = await statusResponse.json();
console.log('Download URL:', result.downloadUrl);
Python
import requests
API_KEY = 'fm_abc123xyz456...'
# Step 1: Queue the document generation (async)
response = requests.post(
'https://api.rynko.dev/api/documents/generate',
headers={
'Authorization': f'Bearer {API_KEY}',
'Content-Type': 'application/json',
},
json={
'templateId': 'invoice-template',
'format': 'pdf',
'variables': {
'invoiceNumber': 'INV-001',
'customerName': 'Acme Corp',
},
},
)
job = response.json()
print(f"Job ID: {job['jobId']}") # e.g. "job_abc123"
print(f"Status: {job['status']}") # "queued"
# Step 2: Poll for completion
status_response = requests.get(
job['statusUrl'],
headers={'Authorization': f'Bearer {API_KEY}'},
)
result = status_response.json()
print(f"Download URL: {result['downloadUrl']}")
Security Best Practices
Do
- Store API keys in environment variables
- Use separate keys for development and production
- Set expiration dates for added security
- Rotate keys regularly (every 90 days)
- Revoke unused keys
Don't
- Commit API keys to version control
- Share API keys via email or chat
- Hardcode keys in client-side code
- Expose keys in public repositories
Error Responses
| Status | Code | Message | Solution |
|---|---|---|---|
| 401 | ERR_AUTH_001 | You are not authorized to access this resource | Include valid Authorization header |
| 401 | ERR_AUTH_004 | Invalid authentication token | Verify your API key is correct |
| 401 | ERR_AKEY_002 | Invalid API key | Check that the API key format is valid |
| 401 | ERR_AKEY_003 | API key has been deactivated | Create a new API key or reactivate the existing one |
| 403 | ERR_AUTH_005 | You do not have permission to perform this action | Check API key permissions |
See Error Codes for the complete error reference.
Next Steps
- Documents API - Generate documents
- Templates API - Manage templates
- Error Codes - Handle errors
Back to API Reference