API Documentation
Build PDF workflows with a predictable API.
This is the source of truth for DocuForge endpoints, authentication, and error handling. Everything is designed to stay close to the console so your mental model remains consistent.
Overview
DocuForge exposes a REST API for authentication, template management, rendering, assets, billing, and AI-assisted edits. All authenticated endpoints require a JWT in the Authorization header.
Typed responses
Every endpoint returns a stable schema and a consistent error object.
Authentication
Production renders use API keys instead: send the key via the X-API-Key header when calling /v1/render.
X-API-Key: docu_live_your_api_keyQuick start
Render a production PDF from a published template ID and JSON data.
curl -X POST "$DOCUFORGE_API_URL/v1/render" \
-H "X-API-Key: $DOCUFORGE_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "template_id": "tpl_live_123", "data": { "invoice_id": "1234" } }' \
--output document.pdfRendering
Production rendering endpoints are available under the consumer API surface.
POST /v1/render
Render a published template with X-API-Key auth. Returns a PDF blob.
Errors
The API returns JSON errors with a stable shape. Use the error code to map UI states.
401 unauthorized
Missing or invalid API key.
402 payment_required
Plan limit reached. Prompt the user to upgrade.
429 rate_limited
Back off and retry after the provided delay.
500 internal_error
Unexpected issue. Retry or report to support.
Security and Governance
DocuForge ships with practical defaults for authentication, request safety, and webhook integrity.
- TLS transport, authenticated APIs, and hardened defaults help teams clear security reviews without custom hardening projects.
- Password-protected PDF delivery is built in for regulated workflows handling sensitive documents.
- Credential and token handling defaults are designed to reduce leakage risk across render, billing, and webhook paths.
- JWT and API-key auth paths are isolated by endpoint intent.
- Stripe webhook signatures are verified before billing events are processed.
- Outbound webhooks are signed with HMAC SHA-256 and retried with backoff.
- Webhook URL creation enforces HTTPS in production.
- Plan-aware rate limiting protects render, preview, and AI endpoints.
- Validation middleware enforces request schemas with predictable error payloads.
- Auth, billing, usage, and render mutation routes are explicitly non-cacheable.
- MCP server access requires bearer token auth and optional allowed-origin checks.
MCP Integration
Connect DocuForge to MCP-enabled clients to generate PDFs through tool calls and structured workflows.
MCP quick start
Endpoint: https://mcp.docuforge.app/mcp
Auth: Bearer token
Header: Authorization: Bearer <MCP_SERVER_TOKEN>
Core MCP tools
docuforge_get_usagedocuforge_list_templatesdocuforge_get_templatedocuforge_render_pdfdocuforge_render_preview_pdf
Detailed setup guides
Ready to build?
Open the console to start shipping PDFs, or jump back to the landing page to review the platform.
