Basic Authentication

The Ocrolus API uses API keys and secrets sent via HTTP basic authentication headers to identify the user making each request.

Unauthenticated requests will fail with the following JSON response:

  "status": 400,
  "message": "Authentication failed",
  "code": 1200,
  "response": null


To learn how to embed credentials in your HTTP request, view the code samples in the following endpoint documentation.

Generating the API key & secret

You generate your unique API key and secret from the My Organization page on our web app. Your API key and secret are the digital keys to your account. Be sure to keep them secure.


API Key requirements for a new API account

When creating a new API account, please note the following requirements for the API Key:

  • You must use a valid email address.
  • The email address must be unique to the new account and not be associated with another account in your organization.

Managing your API account

You can manage your API account(s) on the My Organization page on our web app. On the page, you can perform admin tasks, including:

  • Resetting the password for an existing API account
  • Removing an API account