Skip to main content
Use API keys for every client integration shown in this documentation.

Create A Key

  1. Sign in at https://portal.iyzpdf.com/login.
  2. Open the API Keys screen.
  3. Enter a descriptive name such as Production, Staging, or Billing Worker.
  4. Create the key and copy the full secret immediately.
The product currently allows up to 5 API keys per account.

What The Key Looks Like

Keys use the iyz_live_ prefix: 
iyz_live_your_key_here

How To Send The Key

Include the key in the X-API-Key header on every request: 
X-API-Key: iyz_live_your_key_here

Storage Recommendations

  • Store keys in server-side environment variables or a secret manager.
  • Use separate keys for production and non-production environments.
  • Use separate keys for different services when you want simpler rotation.
  • Rotate a key immediately if you suspect exposure.
  • Never commit keys to Git.
  • Never expose keys in browser code.

Rotation Pattern

Use a simple zero-downtime rotation flow:
  1. Create a new key in the portal.
  2. Deploy the new key to your service.
  3. Confirm live traffic succeeds with the new key.
  4. Deactivate or delete the old key.

Backend-Only Usage

If your product has a browser frontend, your frontend should call your own backend. Your backend should then call IyzPdf with the API key. This keeps the secret out of the browser and lets you add your own authorization, quotas, and audit logging.