The Ocrolus API uses API Keys and Secrets to authenticate incoming requests and identify the user(s) invoking endpoints.

Authentication to the API is performed via HTTP Basic Authentication Scheme. API requests without authentication will fail, triggering the below failure response in JSON.

  "status": 400,
  "message": "Authentication failed",
  "code": 1200,
  "response": null


Learn how to embed credentials in your HTTP request by viewing the code samples in the below endpoint documentation.

Generating API Key & Secret

Your unique API Key and Secret can be generated from the My Organization page on our web app. These are the digital keys to your account, so be sure to keep them secure.


When creating a new API Account note the following requirements for the API Key:

  • It must be a valid email address to which messages can be successfully delivered
  • The chosen email address is not already associated with another Account in your Organization

You can also manage your API Accounts on the My Organization page on our web app. The page provides the ability to reset the password for existing API Accounts or remove them altogether.