API 文档
用可预测的 API 构建 PDF 工作流。
这是 DocuForge 端点、认证与错误处理的权威参考。所有设计与控制台保持一致,让你的心智模型始终清晰。
概览
DocuForge 提供用于认证、模板管理、渲染、资源、计费与 AI 编辑的 REST API。所有受保护的端点都需要在 Authorization 头中携带 JWT。
类型化响应
每个端点返回稳定的结构和一致的错误对象。
认证
生产渲染使用 API Key:调用 /v1/render 时通过 X-API-Key 头发送。
X-API-Key: docu_live_your_api_key快速开始
Render a production PDF from a published template ID and JSON data.
curl -X POST "$DOCUFORGE_API_URL/v1/render" \
-H "X-API-Key: $DOCUFORGE_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "template_id": "tpl_live_123", "data": { "invoice_id": "1234" } }' \
--output document.pdf渲染
Production rendering endpoints are available under the consumer API surface.
POST /v1/render
使用 X-API-Key 渲染已发布模板,返回 PDF blob。
错误
API 返回稳定结构的 JSON 错误。使用错误码映射 UI 状态。
401 unauthorized
Missing or invalid API key.
402 payment_required
达到套餐上限。提示用户升级。
429 rate_limited
降低请求频率并在延迟后重试。
500 internal_error
意外错误。重试或联系支持。
安全与治理
DocuForge 提供认证、请求安全与 webhook 完整性的实用默认能力。
- TLS transport, authenticated APIs, and hardened defaults help teams clear security reviews without custom hardening projects.
- Password-protected PDF delivery is built in for regulated workflows handling sensitive documents.
- Credential and token handling defaults are designed to reduce leakage risk across render, billing, and webhook paths.
- JWT and API-key auth paths are isolated by endpoint intent.
- Stripe webhook signatures are verified before billing events are processed.
- Outbound webhooks are signed with HMAC SHA-256 and retried with backoff.
- Webhook URL creation enforces HTTPS in production.
- Plan-aware rate limiting protects render, preview, and AI endpoints.
- Validation middleware enforces request schemas with predictable error payloads.
- Auth, billing, usage, and render mutation routes are explicitly non-cacheable.
- MCP server access requires bearer token auth and optional allowed-origin checks.
MCP 集成
将 DocuForge 接入支持 MCP 的客户端,通过工具调用生成 PDF。
MCP 快速开始
Endpoint: https://mcp.docuforge.app/mcp
Auth: Bearer token
Header: Authorization: Bearer <MCP_SERVER_TOKEN>
