DocuForge logoDocuForge

API Documentation

Build PDF workflows with a predictable API.

This is the source of truth for DocuForge endpoints, authentication, and error handling. Everything is designed to stay close to the console so your mental model remains consistent.

Overview

DocuForge exposes a REST API for authentication, template management, rendering, assets, billing, and AI-assisted edits. All authenticated endpoints require a JWT in the Authorization header.

Typed responses

Every endpoint returns a stable schema and a consistent error object.

Authentication

Production renders use API keys instead: send the key via the X-API-Key header when calling /v1/render.

X-API-Key: docu_live_your_api_key

Quick start

Render a production PDF from a published template ID and JSON data.

curl -X POST "$DOCUFORGE_API_URL/v1/render" \
  -H "X-API-Key: $DOCUFORGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "template_id": "tpl_live_123", "data": { "invoice_id": "1234" } }' \
  --output document.pdf

Rendering

Production rendering endpoints are available under the consumer API surface.

POST /v1/render

Render a published template with X-API-Key auth. Returns a PDF blob.

Errors

The API returns JSON errors with a stable shape. Use the error code to map UI states.

401 unauthorized

Missing or invalid API key.

402 payment_required

Plan limit reached. Prompt the user to upgrade.

429 rate_limited

Back off and retry after the provided delay.

500 internal_error

Unexpected issue. Retry or report to support.

Security and Governance

DocuForge ships with practical defaults for authentication, request safety, and webhook integrity.

  • TLS transport, authenticated APIs, and hardened defaults help teams clear security reviews without custom hardening projects.
  • Password-protected PDF delivery is built in for regulated workflows handling sensitive documents.
  • Credential and token handling defaults are designed to reduce leakage risk across render, billing, and webhook paths.
  • JWT and API-key auth paths are isolated by endpoint intent.
  • Stripe webhook signatures are verified before billing events are processed.
  • Outbound webhooks are signed with HMAC SHA-256 and retried with backoff.
  • Webhook URL creation enforces HTTPS in production.
  • Plan-aware rate limiting protects render, preview, and AI endpoints.
  • Validation middleware enforces request schemas with predictable error payloads.
  • Auth, billing, usage, and render mutation routes are explicitly non-cacheable.
  • MCP server access requires bearer token auth and optional allowed-origin checks.

MCP Integration

Connect DocuForge to MCP-enabled clients to generate PDFs through tool calls and structured workflows.

MCP quick start

Endpoint: https://mcp.docuforge.app/mcp

Auth: Bearer token

Header: Authorization: Bearer <MCP_SERVER_TOKEN>

Core MCP tools

  • docuforge_get_usage
  • docuforge_list_templates
  • docuforge_get_template
  • docuforge_render_pdf
  • docuforge_render_preview_pdf

Ready to build?

Open the console to start shipping PDFs, or jump back to the landing page to review the platform.