Authentication¶

Learn how to authenticate your API requests to Laminr.

API Keys¶

Laminr uses API keys to authenticate requests. API keys are associated with service accounts, so be sure to keep them secure!

Creating a Service Account and API Key¶

Tenant Admin Required

You must be a tenant administrator to create service accounts and API keys. If you don't have admin access, contact your organization's Laminr administrator.

Step 1: Navigate to Service Accounts

Log in to your Laminr dashboard
Click on your profile/tenant menu in the top navigation
Select Tenant Admin from the dropdown
Navigate to the Service Accounts section in the left sidebar

Step 2: Create a Service Account

Click Create Service Account
Give your service account a descriptive name (e.g., "Production API", "CI/CD Pipeline")
Optionally add a description to help identify its purpose
Click Create to save the service account

Step 3: Generate an API Key

Find your newly created service account in the list
Click Add API Key for that service account
Give your API key a descriptive name (e.g., "Production Server", "Development", "Staging")
Click Create API Key
Copy the key immediately - you won't be able to see it again!

Service Account Organization

You can create multiple service accounts for different purposes (e.g., one for production, one for development). Each service account can have multiple API keys, making it easy to rotate keys or separate access by environment.

Save Your API Key

The API key is only displayed once when created. Make sure to copy and store it securely before closing the dialog.

Using Your API Key¶

Include your API key in the x-api-key header of every request:

x-api-key: YOUR_API_KEY

Example request:

curl https://api.laminr.ai/v1/files \
  -H "x-api-key: sk_live_abc123xyz789"

Security Best Practices¶

Keep Your Keys Secret¶

Never Expose Your API Key

Don't commit API keys to version control
Don't include them in client-side code
Don't share them in support tickets or public forums
Use environment variables to store them

Environment Variables¶

Store your API key in environment variables:

Bash/Linux/macOS:

export LAMINR_API_KEY="sk_live_abc123xyz789"

Python:

import os

api_key = os.environ.get("LAMINR_API_KEY")

Node.js:

const apiKey = process.env.LAMINR_API_KEY;

Rotate Keys Regularly¶

If you suspect a key has been compromised:

Generate a new API key in your dashboard
Update your application with the new key
Delete the old key immediately

Use Different Keys for Different Environments¶

Create separate API keys for:

Development: For local development and testing
Staging: For your staging environment
Production: For your production environment

This allows you to: - Isolate issues - Track usage by environment - Revoke keys without affecting other environments

Authentication Errors¶

401 Unauthorized¶

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}

Common causes: - Missing x-api-key header - Incorrect API key format - Revoked or deleted API key

403 Forbidden¶

{
  "error": {
    "code": "forbidden",
    "message": "Insufficient permissions for this resource"
  }
}

Common causes: - Using a test key for production endpoints - API key doesn't have required permissions - Account limitations

Next Steps¶

Getting Started Guide - Create your first package and upload files
File Upload Guide - Learn how to upload and process documents
API Reference - Complete endpoint documentation