Where do I find my API key?

Navigate to Settings > API Keys in the Talonic platform at app.talonic.com. Click "Create API Key" to generate a new key with the tlnc_sk_live_ prefix.

Can I have multiple API keys?

Yes. You can create multiple API keys per workspace. Each key can have different permission scopes. Rotate keys regularly for security.

What happens if my API key is compromised?

Immediately revoke the key in the Talonic platform and create a new one. All requests using the revoked key will return 401 Unauthorized.

API keys do not expire automatically. You can set optional expiration dates when creating a key. We recommend rotating keys every 90 days.

Authentication

The Talonic API uses Bearer token authentication. Include your API key in the Authorization header of every request to access endpoints.

API key format

All Talonic API keys use the prefix tlnc_sk_live_ followed by a random string. Store your key securely and never expose it in client-side code. Keys are scoped to a single workspace and grant access to all resources within that workspace.

Making authenticated requests

Pass your API key as a Bearer token in the Authorization header. The base URL for all API requests is https://api.talonic.com.

curl https://api.talonic.com/v1/documents \
  -H "Authorization: Bearer tlnc_sk_live_7f3a...x9k2"

Error responses

If authentication fails, the API returns one of these status codes. See the full error reference for details.

Status	Meaning	Common Cause
401	Unauthorized	Missing or invalid API key
403	Forbidden	Key lacks permission for this resource

Security best practices

Store API keys in environment variables, not in source code. Use separate keys for development and production. Rotate keys every 90 days. Monitor usage in the rate limits dashboard. The extraction pipeline logs all API key usage for audit purposes.