Authentication
Authenticate requests to the Plextera Public API with an API key issued for your client integration.
API key header
Pass your API key in the Authorization header using the api-key prefix:
For example:
The header value must include the api-key prefix followed by a space and the key. Sending the key alone without the prefix will result in a 401.
API keys are issued per integration. Contact your Plextera account team to obtain a key.
Request context
Each API key is bound to a Plextera organization. The organization context is resolved automatically from the key — you do not pass an organization identifier in requests.
All resources created or accessed through the API are scoped to that organization: files, Document Insights jobs, workflow runs, and event subscriptions.
Usage guidelines
- Use one API key per integration (e.g., one key per environment: staging, production).
- The same key is valid across all API surfaces: Files, Document Insights, Workflows, and Event Subscriptions.
- Treat all returned resource IDs as organization-scoped — IDs are not globally unique across organizations.
- Store keys in environment variables or a secrets manager. Do not commit them to source control.
Key rotation
To rotate a key, issue a new one and update your integration before deactivating the old key. There is no grace period once a key is deactivated.
Next steps
- API Reference — full authenticated endpoint reference
- Events — configure webhook push notifications