Getting Started

Authentication

Secure your API requests with API keys

Overview

All API requests to Automat require authentication using an API key. API keys are scoped to your organization and provide access to all extractors within that organization.

Keep your API keys secure! Never commit them to version control or expose them in client-side code.

Getting Your API Key

  1. Log in to the Automat Dashboard
  2. Navigate to SettingsAPI Keys
  3. Click Create API Key
  4. Give your key a descriptive name (e.g., “Production Backend”, “Development”)
  5. Copy the key immediately — it won’t be shown again

You can create multiple API keys for different environments or services. Each key can be revoked independently without affecting others.

Using Your API Key

Include your API key in the Authorization header using the Bearer scheme:

$Authorization: Bearer YOUR_API_KEY

Example Request

$curl -X POST https://inference.runautomat.com/api/extract \
>  -H "Authorization: Bearer atmt_sk_live_xxxxxxxxxxxxx" \
>  -F "extractorId=ext_abc123" \
>  -F "file=@document.pdf"

Error Handling

If authentication fails, you’ll receive a 401 Unauthorized response:

1{
2  "success": false,
3  "error": "Invalid API key"
4}

Common authentication errors:

ErrorCauseSolution
Missing Authorization headerNo Authorization header providedAdd the header to your request
Invalid API keyKey doesn’t exist or was revokedCheck the key in your dashboard
Malformed headerWrong formatUse Bearer YOUR_KEY format

Environment Variables

We recommend storing your API key in environment variables:

.env
$AUTOMAT_API_KEY=atmt_sk_live_xxxxxxxxxxxxx
1const apiKey = process.env.AUTOMAT_API_KEY;

API Key Best Practices

Use Environment Variables

Never hardcode API keys in your source code

Rotate Regularly

Periodically generate new keys and revoke old ones

Separate by Environment

Use different keys for development, staging, and production

Monitor Usage

Review API key activity in your dashboard