Authentication
The Paperarchive API uses Bearer token authentication with API keys. Every request must include your API key in the Authorization header.
Creating an API Key
Create and manage API keys in the Paperarchive app at Settings > API Keys. Each key can be scoped to specific permissions and spaces.
Using Your API Key
Include the key in the Authorization header as a Bearer token:
Authorization: Bearer pa_live_abc123def456...
Key Format
API keys use the prefix pa_live_ followed by a random string. The full key is only shown once at creation time - store it securely.
Scopes
Each API key is assigned scopes that control what it can access. Available scopes:
| Scope | Description |
|---|---|
| documents:read | List and retrieve documents |
| documents:write | Create and delete documents |
| search | Search across documents |
| spaces:read | List and retrieve spaces |
| categories:read | List categories |
| categories:write | Create and delete categories |
| tags:read | List tags |
| tags:write | Create and delete tags |
| senders:read | List senders |
| senders:write | Create and delete senders |
Space Restrictions
API keys can optionally be restricted to specific spaces. When restricted, the key can only access documents, categories, tags, and senders within those spaces.
Security Best Practices
- Use the minimum scopes needed for your integration
- Restrict keys to specific spaces when possible
- Rotate keys periodically
- Never expose keys in client-side code or public repositories
- Revoke compromised keys immediately
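To back the rule about keeping keys out of repositories, the following added example (not Paperarchive's own code) scans files for strings that look like a pa_live_ key and reports them in redacted form, suitable for a pre-commit hook or CI step. The character set and minimum length of the random part, and the PAPERARCHIVE_API_KEY variable name in the sample, are assumptions; the page only documents the pa_live_ prefix.

```python
import re
import sys
from pathlib import Path

# Assumption: the docs only say "pa_live_ followed by a random string".
# The alphabet and 16-char minimum are guesses; tune them to real keys.
KEY_RE = re.compile(r"\bpa_live_[A-Za-z0-9_-]{16,}")


def redact(key):
    """Keep the prefix plus 4 characters so a finding can be matched
    to a key in Settings > API Keys without leaking the secret."""
    return key[:12] + "..."


def scan_text(text, source="<input>"):
    """Return (source, line number, redacted key) for every candidate key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in KEY_RE.finditer(line):
            findings.append((source, lineno, redact(match.group(0))))
    return findings


def scan_paths(paths):
    """Scan files on disk, skipping anything unreadable."""
    findings = []
    for path in paths:
        try:
            text = Path(path).read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        findings.extend(scan_text(text, str(path)))
    return findings


# Constructed sample: line 1 reads the key from the environment (fine),
# line 2 is the short documentation placeholder (ignored), line 3 is a
# hard-coded key-shaped string (flagged). The key value is made up.
SAMPLE = "\n".join([
    'API_KEY = os.environ["PAPERARCHIVE_API_KEY"]',
    'headers = {"Authorization": "Bearer pa_live_abc123def456..."}',
    'const key = "pa_live_Zx9Qw7Lm2Np4Rt6Vb8Yc";',
])

if __name__ == "__main__":
    args = sys.argv[1:]
    hits = scan_paths(args) if args else scan_text(SAMPLE, "sample")
    for source, lineno, key in hits:
        print(f"{source}:{lineno}: possible Paperarchive API key {key}")
    sys.exit(1 if hits else 0)
```

A non-zero exit status means at least one candidate key was found, so the script can block a commit or fail a build; any key it finds in history should be treated as compromised and revoked.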