Authentication

Overview

All authenticated requests must include credentials in the Authorization header:

Authorization: Bearer <your-api-key>

API Keys

Generate an API key from your Settings page:

1. Go to Settings → API Keys
2. Click Create Key
3. Copy the key — it starts with pdf_live_ and is only shown once

curl -X POST https://api.pdflys.com/api/v1/compress \
  -H "Authorization: Bearer pdf_live_abc123..." \
  -F "file=@document.pdf"

Key Management

Manage keys programmatically via the Account API:

Action	Endpoint
List active keys	GET /api/v1/account/keys
Create a key	POST /api/v1/account/keys
Revoke a key	DELETE /api/v1/account/keys/:keyId

OAuth Access Tokens

If you're building a third-party integration that accesses PDFlys on behalf of users, you'll use OAuth 2.1 access tokens. These work the same way:

curl -X POST https://api.pdflys.com/api/v1/merge \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIs..." \
  -F "files=@doc1.pdf" \
  -F "files=@doc2.pdf"

See the OAuth 2.1 reference for the full authorization flow.

Anonymous Access

The accessibility check endpoint (POST /api/v2/accessibility/check) can be used without authentication for quick one-off checks. Anonymous requests:

• Are subject to stricter rate limits
• Do not persist reports
• Do not support async processing for large files

Sign up for an API key to unlock the full feature set.

Error Responses

Status	Meaning	Action
401 Unauthorized	Token missing, expired, or invalid	Check your API key or generate a new one
403 Forbidden	Valid credentials but insufficient permissions	Check your plan or required permissions
429 Too Many Requests	Rate limit exceeded	Wait and retry with backoff — see Rate Limits

Usage Headers

Every API response includes usage information in the response headers:

X-Usage-Current: 47
X-Usage-Limit: 100
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1709125200

Monitor these to track your consumption and avoid hitting limits. See Rate Limits for details.