Authentication
All API requests must include a valid API key in the Authorization header using the Bearer scheme.
Authorization header
Authorization: Bearer dk_live_your_api_keyAPI key formats
Dokai uses prefixed API keys so you can identify key types at a glance.
| Prefix | Environment | Behavior |
|---|---|---|
dk_live_ | Production | Processes real documents, counts toward quota, billed usage |
dk_test_ | Sandbox | Returns mock data, no quota impact, free to use |
Test vs live keys
Test keys are designed for development and integration testing. They accept any valid image but always return realistic mock data without touching the AI pipeline. No usage is recorded and no charges apply.
Live keys run the full processing pipeline: image validation, OCR, AI extraction, and post-processing. Results are stored and usage counts toward your plan quota.
Key management
Manage your API keys from the dashboard under Developers → API Keys.
- Create — Generate a new key. The full key is shown only once.
- Rotate — Replace a key with a new one. The old key is immediately invalidated.
- Revoke — Permanently disable a key.
Security best practices
- Never expose API keys in client-side code or public repositories.
- Use environment variables to store keys in your application.
- Rotate keys immediately if you suspect they have been compromised.
- Use test keys during development and only switch to live keys in production.