Skip to main content

Environments and Authentication

This section explains the available environments in Auco and how to authenticate securely when consuming the API.

API Versioning​

All requests must include the current API version in the base URL. We currently use version v1.5, with the /ext suffix indicating endpoints intended for external integrations.

Available Environments​

Auco provides two separate environments:

πŸ”§ Testing Environment (stage)​

  • Base URL: https://dev.auco.ai/v1.5/ext
  • Intended for integrations, testing, and development.
  • No real charges or document movements are generated.
  • You can request access by creating an account at stage.auco.ai.

πŸš€ Production Environment​

  • Base URL: https://api.auco.ai/v1.5/ext
  • This environment runs real document workflows and counts signed or delivered documents.
  • Requires an active credit package and a properly configured production account.

Authentication​

Auco’s API uses two types of authentication keys: public and private. These keys must be included in the request headers depending on the operation type:

  • Read (GET): use the public key (puk_...)
  • Write (POST, PUT, DELETE): use the private key (prk_...)

πŸ”‘ Required Header​

Authorization: YOUR_PUBLIC_OR_PRIVATE_KEY

πŸ“˜ curl Example for Read (GET)​

curl -X GET https://dev.auco.ai/v1.5/ext/documents \
  -H "Authorization: puk_ocG0ODMlBlAN4NOi4GxVJjmC7Examaple" \
  -H "Content-Type: application/json"

πŸ“˜ curl Example for Write (POST)​

curl -X POST https://dev.auco.ai/v1.5/ext/documents \
  -H "Authorization: prk_ocG0ODMlBlAN4NOi4GxVJjmC7Examaple" \
  -H "Content-Type: application/json" \
  -d '{ "name": "document.pdf" }'

Note: Keep your private keys secure. Never share them publicly or include them in public-facing clients like browsers.

Recommendations​

  • Use the stage environment for all initial testing before switching to production.
  • Make sure to use the public key for GET and the private key for POST, PUT, and DELETE.
  • Update both the base URL and the keys when moving to production.
  • Protect your private keys: never share them publicly or include them in public clients such as browsers or mobile apps.
  • If you automate processes, consider implementing periodic key rotation.

Common Error Code​

  • 401 Unauthorized: A valid key was not included in the Authorization header, or the wrong type of key was used for the operation (read/write).