Authentication

The API uses bearer token authentication. Send your token in the Authorization header on every request:


Authorization: Bearer YOUR_API_TOKEN

A request without a valid token is rejected with 401 Unauthorized.

Example


curl https://api.example.com/documents/docsets \
  -H "Authorization: Bearer YOUR_API_TOKEN"


const res = await fetch('https://api.example.com/documents/docsets', {
  headers: { Authorization: `Bearer ${process.env.API_TOKEN}` },
})

Treat your token like a password. Keep it in a secret manager or environment variable — never commit it or expose it in client-side code. Calls to this API should be made from your backend.

Public endpoints

The health endpoints do not require a token, so you can use them for uptime checks and readiness probes:

GET /health
GET /health/detailed

Error responses

Situation	Status	`errorCode`
No `Authorization` header	`401`	`UNAUTHENTICATED`
Wrong token	`401`	`FORBIDDEN`


{
  "message": "Add an authorization header to the request: \"bearer <token>\"",
  "errorCode": "UNAUTHENTICATED"
}

See Errors for the full error shape.