Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developers.paperlink.online/llms.txt

Use this file to discover all available pages before exploring further.

Every request to the Paperlink API must be authenticated with an API key. You generate keys from your team settings, choose the mode and permission scope at creation time, and then pass the key as a Bearer token in the Authorization header of each request.
Only team members with the Owner or Admin role can create and manage API keys. Manager and Member roles do not have access to the API Keys page.

Create an API key

1

Open the Integrations page

Go to Settings in the left sidebar, then click Integrations. Find the Public API card and click it to open the API Keys page.
2

Start key creation

Click Create API Key in the top-right corner of the API Keys page.
3

Name the key

Enter a descriptive Key name. This name is for your reference only and is never sent in API requests. Use something that identifies the integration, for example Production Backend or CI Pipeline.
4

Choose a mode

Select the environment the key will operate in:
  • Live - accesses your real production data. Use this for active integrations.
  • Test - accesses an isolated sandbox. Use this for development and CI/CD. Test keys cannot read or modify live data.
5

Choose a scope

Select the permission level:
  • Read & Write - the key can create, update, and delete data (GET, POST, PATCH, DELETE).
  • Read-only - the key can only retrieve data (GET). Use this for reporting tools and dashboards.
6

Copy and store the token

Click Create key. The full API token is shown once immediately after creation — copy it and store it securely now.
Paperlink does not store the raw token and cannot show it again. If you lose the token, you must revoke the key and create a new one.

Key prefix format

You can identify the mode of a key at a glance by its prefix:
PrefixMode
pk_live_...Live
pk_test_...Test

Make an authenticated request

Pass the token in the Authorization header as a Bearer token on every request: 
curl https://app.paperlink.online/api/v1/products \
  -H "Authorization: Bearer <your-token>"
Replace <your-token> with the key you copied at creation. The confirmation screen after key creation also shows a pre-filled cURL example with your token already inserted. 
curl https://app.paperlink.online/api/v1/products \
  -H "Authorization: Bearer pk_live_abc123..."

Authentication errors

If authentication fails, the API returns a 401 Unauthorized response: 
{
  "error": {
    "type": "authentication_error",
    "code": "invalid_token",
    "message": "Invalid or missing API token",
    "request_id": "req_01j..."
  }
}
Common causes include a missing Authorization header, a malformed Bearer token, or a revoked key.

Manage existing keys

On the API Keys page, each key displays:
  • Name and key prefix (for example, pk_live_AbC...)
  • Mode badge - Live (green) or Test (grey)
  • Scope - Read & Write or Read-only
  • Creator - the team member who created the key
  • Last used - the last time the key made an API call
Use the menu on any key to Rename or Revoke it.
A team can have up to 10 active keys. Revoke keys that are no longer in use before creating new ones.

Revoke a key

1

Find the key

Locate the key on the API Keys page and click its menu.
2

Revoke it

Select Revoke and confirm the action.
Revoked keys reject all API calls within seconds. The key remains visible in the list for 90 days so you can audit when it was revoked and by whom, then it disappears automatically.
Revoking a key is immediate and irreversible. Any integration using that key will stop working as soon as the revocation takes effect.

Where to go next

API overview

Understand modes, scopes, rate limits, and key limits

API endpoints reference

Browse available endpoints with request and response examples