Authentication

Name: Glyph
Author: Glyph

All Glyph API requests require authentication using an API key. This guide covers how to obtain, use, and secure your API keys.

Getting an API Key

Sign up at dashboard.glyph.you
Navigate to API Keys in the sidebar
Click Create New Key
Copy your key immediately - it won’t be shown again

Key Format

Glyph API keys follow a specific format:

gk_xxxxxxxxxxxxxxxxxxxx

Prefix: gk_ (Glyph Key)
Length: 27 characters total
Characters: Base64-safe (alphanumeric)

Using Your API Key

Authorization Header

Include your API key in the Authorization header with the Bearer scheme:

curl -X POST https://api.glyph.you/v1/preview \
  -H "Authorization: Bearer gk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"template": "quote-modern", "data": {...}}'

JavaScript/TypeScript

const response = await fetch('https://api.glyph.you/v1/preview', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.GLYPH_API_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ template: 'quote-modern', data: quoteData })
});

Python

import os
import requests

response = requests.post(
    'https://api.glyph.you/v1/preview',
    headers={
        'Authorization': f'Bearer {os.environ["GLYPH_API_KEY"]}',
        'Content-Type': 'application/json'
    },
    json={'template': 'quote-modern', 'data': quote_data}
)

SDK Usage

When using the SDK, pass your API key to the component or client:

<glyph-editor api-key="gk_your_api_key" ...></glyph-editor>

import { GlyphAPI } from '@glyphpdf/sdk';

const api = new GlyphAPI('gk_your_api_key');

Error Responses

Missing Authorization Header

{
  "error": "Missing Authorization header",
  "code": "HTTP_ERROR"
}

HTTP Status: 401 Unauthorized

Invalid Authorization Format

{
  "error": "Invalid Authorization format. Use: Bearer <api_key>",
  "code": "HTTP_ERROR"
}

HTTP Status: 401 Unauthorized

Invalid Key Format

{
  "error": "Invalid API key format. Keys should start with 'gk_'",
  "code": "HTTP_ERROR"
}

HTTP Status: 401 Unauthorized

Invalid or Revoked Key

{
  "error": "Invalid API key",
  "code": "HTTP_ERROR"
}

HTTP Status: 401 Unauthorized

Deactivated Key

{
  "error": "API key is deactivated",
  "code": "HTTP_ERROR"
}

HTTP Status: 403 Forbidden

Monthly Limit Exceeded

{
  "error": "Monthly API limit exceeded (100 requests)",
  "code": "HTTP_ERROR"
}

HTTP Status: 429 Too Many Requests

Security Best Practices

Never Expose in Client Code

// BAD - Key exposed in frontend code
const api = new GlyphAPI('gk_live_key_here');

// GOOD - Key stored securely on backend
// Frontend makes request to your backend, which calls Glyph

Environment Variables

Store keys in environment variables:

GLYPH_API_KEY=gk_your_api_key

const apiKey = process.env.GLYPH_API_KEY;

Key Rotation

Periodically rotate your API keys:

Create a new key in the dashboard
Update your applications to use the new key
Verify the new key works in production
Revoke the old key

Separate Keys for Environments

Use different keys for different environments:

Environment	Key Name
Development	`dev_key`
Staging	`staging_key`
Production	`production_key`

API Key Tiers

Your API key is associated with a pricing tier that determines:

Rate limits (requests per minute)
Monthly PDF generation limits
Feature access

Tier	Rate Limit	Monthly PDFs
Free	10/min	100
Pro	60/min	1,000
Scale	120/min	10,000
Enterprise	300/min	Unlimited

Check your current tier and usage in the dashboard.

Key Management

Viewing Keys

In your dashboard, you can see:

Key prefix (first 11 characters)
Creation date
Last used date
Current tier

Revoking Keys

To revoke a key:

Go to API Keys in your dashboard
Find the key to revoke
Click Revoke
Confirm the action

Revoked keys immediately stop working for all requests.

Validating Keys

Test if a key is valid:

curl https://api.glyph.you/v1/auth/validate \
  -H "Authorization: Bearer gk_your_api_key"

Response:

{
  "valid": true,
  "tier": "pro"
}