API REFERENCE

Authentication

All API requests must include a valid API key as a Bearer token in the Authorization header. Keys are generated from your developer portal.

Bearer token format

Authorization: Bearer wdoc_live_<32-hex-chars>

Where to find your key

Your API key is generated at /developer/keys after account creation. The full key is displayed exactly once — copy it immediately. Only the key hash is stored; the plaintext cannot be recovered. Use the Regenerate function in the developer portal to rotate a lost key.

Key rotation

Send a DELETE request to /api/developer/generate-key (requires active session). The old key deactivates immediately and a new key is returned once.

Error responses

Status	Code	Meaning
401	Invalid API key	Missing, malformed, or inactive Bearer token
403	Scan limit reached	Plan limit exceeded