Authentication

PDFCanon uses two authentication schemes depending on the endpoint group.

API key (normalization endpoints)

All normalization and artifact retrieval endpoints require an API key passed via the X-Api-Key header.

curl https://api.pdfcanon.com/api/normalize \
  -H "X-Api-Key: pdfn_your_api_key_here" \
  ...

Obtaining an API key

Sign in to app.pdfcanon.com
Navigate to Settings → API Keys
Click Create Key and give it a descriptive name
Copy the key immediately — it is only shown once

API keys start with the prefix pdfn_.

Key rotation

You can create multiple API keys and rotate them without downtime:

Create a new key in the portal
Update your application to use the new key
Revoke the old key once traffic has migrated

Endpoints that require an API key

Endpoint	Method
`/api/normalize`	`POST`
`/api/submissions/{id}`	`GET`
`/api/artifacts/{hash}`	`GET`
`/api/reports/{hash}`	`GET`

JWT Bearer (portal endpoints)

Portal management endpoints (/api/portal/*) require a JWT Bearer token obtained by authenticating with your portal credentials.

# Obtain a token
curl -X POST https://api.pdfcanon.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "..."}'

# Use the token
curl https://api.pdfcanon.com/api/portal/usage \
  -H "Authorization: Bearer eyJ..."

JWT tokens expire after a short period. Use the refresh endpoint to obtain a new access token without re-authenticating.

Rate limits

Endpoint	Limit
`POST /api/normalize`	Tier-based monthly document quota
`POST /api/auth/register`	3 requests / hour / IP
`POST /api/auth/login`	5 requests / 15 min / IP
`POST /api/auth/forgot-password`	3 requests / hour / IP

API key (normalization endpoints)​

Obtaining an API key​

Key rotation​

Endpoints that require an API key​

JWT Bearer (portal endpoints)​

Rate limits​