Authentication
The GenerateInvoice API uses API keys to authenticate requests. You can view and manage your API keys in your account dashboard.
API Key Authentication
Authentication to the API is performed via HTTP Bearer authentication. Provide your API key as the bearer token in the Authorization header.
```bash
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.generateinvoice.com/v1/invoices
```
How to Get Your API Key
- Log in to your GenerateInvoice dashboard
- Navigate to Settings in the sidebar
- Click on API Keys
- Click Create New Key
- Give your key a descriptive name (e.g., "Production Server")
- Choose the environment (Test or Live)
- Copy your new API key immediately - it won't be shown again!
Important Security Notice
Your API key carries many privileges. Keep it secure! Do not share your secret API key in publicly accessible areas such as GitHub, client-side code, or anywhere else.
Key Format
GenerateInvoice API keys have a specific format to help you identify them:
| Environment | Prefix | Example |
|---|---|---|
| Live | gi_live_ | gi_live_a1b2c3d4e5f6... |
| Test | gi_test_ | gi_test_x9y8z7w6v5u4... |
Request Headers
Include these headers in every API request:
| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer token with your API key |
| Content-Type | For POST/PATCH | Must be application/json |
| X-Request-ID | Optional | Custom request ID for tracing |
Test vs Live Keys
GenerateInvoice provides two types of API keys for different purposes:
Test Keys (gi_test_...)
- Use during development and testing
- Documents created are marked as test data
- No emails are actually sent (logged instead)
- Does not count against your usage limits
- PDFs include a "TEST" watermark
Live Keys (gi_live_...)
- Use in production environments
- Creates real documents
- Emails are sent to actual recipients
- Counts against your usage limits
- Professional PDFs without watermarks
Best Practice
Always use test keys during development. Only switch to live keys when you're ready to deploy to production.
Code Examples
Here are examples of how to authenticate in different programming languages:
```bash
# Using Bearer authentication
curl -X GET "https://api.generateinvoice.com/v1/invoices" \
  -H "Authorization: Bearer gi_live_your_api_key_here"

# With additional headers
curl -X POST "https://api.generateinvoice.com/v1/invoices" \
  -H "Authorization: Bearer gi_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: my-custom-id-123" \
  -d '{"document_type": "invoice", ...}'
```
Storing API Keys Securely
Never hardcode your API keys in your source code. Instead, use environment variables:
```
# Never commit this file to version control!
GENERATEINVOICE_API_KEY=gi_live_your_api_key_here

# You can also separate test and live keys
GENERATEINVOICE_TEST_KEY=gi_test_your_test_key_here
GENERATEINVOICE_LIVE_KEY=gi_live_your_live_key_here
```
Revoking API Keys
If you believe your API key has been compromised, revoke it immediately:
- Go to Settings → API Keys in your dashboard
- Find the compromised key
- Click the Revoke button
- Create a new API key
- Update your application with the new key
Revoked keys are immediately invalidated. Any requests using a revoked key will receive a 401 Unauthorized response.
Authentication Errors
When authentication fails, the API returns one of these error codes:
| Error Code | HTTP Status | Description |
|---|---|---|
| MISSING_API_KEY | 401 | No API key was provided |
| INVALID_API_KEY | 401 | The API key is invalid or has been revoked |
| EXPIRED_API_KEY | 401 | The API key has expired |
```json
{
  "success": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or has been revoked."
  },
  "meta": {
    "request_id": "req_abc123",
    "timestamp": "2024-01-15T10:30:00Z"
  }
}
```
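A client-side sketch that ties together the environment-variable storage, the key prefixes and the authentication error codes described on this page. It is an added example, not GenerateInvoice's own code: the function names and the sample key are constructed for illustration, and only the three 401 codes from the table above are treated as authentication failures.

```python
import os

PREFIXES = {"live": "gi_live_", "test": "gi_test_"}  # from the Key Format table
AUTH_ERRORS = {"MISSING_API_KEY", "INVALID_API_KEY", "EXPIRED_API_KEY"}


def load_api_key(mode, environ=os.environ, var="GENERATEINVOICE_API_KEY"):
    """Read the key from the environment and refuse a key of the wrong type."""
    key = environ.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set")
    if not key.startswith(PREFIXES[mode]):
        # The message names the variable and expected prefix, never the key value.
        raise RuntimeError(f"{var} is not a {mode} key (expected prefix {PREFIXES[mode]})")
    return key


def redact(key):
    """Loggable form: environment prefix plus the last four characters."""
    for prefix in PREFIXES.values():
        if key.startswith(prefix):
            secret = key[len(prefix):]
            tail = secret[-4:] if len(secret) >= 12 else "****"
            return f"{prefix}...{tail}"
    return "<redacted>"


def auth_headers(key, request_id=None):
    """Headers from the Request Headers table for a JSON (POST/PATCH) request."""
    headers = {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}
    if request_id:
        headers["X-Request-ID"] = request_id
    return headers


def auth_failure(status, body):
    """Return the error code if the response is an authentication failure, else None."""
    code = (body.get("error") or {}).get("code") if isinstance(body, dict) else None
    return code if status == 401 and code in AUTH_ERRORS else None


if __name__ == "__main__":
    env = {"GENERATEINVOICE_API_KEY": "gi_test_constructed0000abcd"}  # constructed sample
    key = load_api_key("test", env)
    print(redact(key), sorted(auth_headers(key, "my-custom-id-123")))
    body = {"success": False, "error": {"code": "INVALID_API_KEY"}}  # shape from this page
    print(auth_failure(401, body))
```

Calling `load_api_key("live")` only in the production entry point makes a test key deployed to production, or a live key left in a development shell, fail at startup instead of at the first request.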