Authentication

All API requests require an API key passed as a Bearer token in the Authorization header.

API Key Format

Keys are prefixed with sd_ followed by 48 hex characters:

sd_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4

Using Your Key

Include it in every request:

curl -X POST https://developer-api.qomplement.com/v1/extract \
  -H "Authorization: Bearer sd_YOUR_API_KEY" \
  -F "file=@document.pdf"

Python

import requests

headers = {"Authorization": "Bearer sd_YOUR_API_KEY"}

response = requests.post(
    "https://developer-api.qomplement.com/v1/extract",
    headers=headers,
    files={"file": open("document.pdf", "rb")},
)

JavaScript

const form = new FormData();
form.append("file", fs.createReadStream("document.pdf"));

const response = await fetch("https://developer-api.qomplement.com/v1/extract", {
  method: "POST",
  headers: { Authorization: "Bearer sd_YOUR_API_KEY" },
  body: form,
});

Go

req, _ := http.NewRequest("POST", "https://developer-api.qomplement.com/v1/extract", body)
req.Header.Set("Authorization", "Bearer sd_YOUR_API_KEY")
req.Header.Set("Content-Type", writer.FormDataContentType())

resp, err := http.DefaultClient.Do(req)

Getting an API Key

Sign in at developers.qomplement.com
Navigate to API Keys from the sidebar
Click Create API Key and give it a name
Copy the key immediately — it's only shown once

caution

Your API key is displayed only once when created. Store it securely. If you lose it, you'll need to create a new one.

Security Best Practices

Never commit keys to version control — use environment variables
Don't expose keys in client-side code — make API calls from your backend
Rotate keys periodically — revoke old keys and create new ones
Use separate keys per environment — dev, staging, production

# Store in environment variable
export QOMPLEMENT_API_KEY="sd_your_key_here"

# Use in your code
curl -H "Authorization: Bearer $QOMPLEMENT_API_KEY" ...

# Python — load from environment
import os

API_KEY = os.environ["QOMPLEMENT_API_KEY"]
headers = {"Authorization": f"Bearer {API_KEY}"}

// Node.js — load from environment
const API_KEY = process.env.QOMPLEMENT_API_KEY;
const headers = { Authorization: `Bearer ${API_KEY}` };

Key Properties

Each API key has:

Property	Description
`name`	Human-readable label
`owner_email`	Email of the key owner
`rate_limit_per_minute`	Max requests per minute (default: 60)
`monthly_request_limit`	Max requests per month (default: 10,000)
`is_active`	Whether the key is active
`last_used_at`	Timestamp of last API call

Unauthorized Responses

If your key is missing, invalid, or revoked:

{
  "detail": "Could not validate credentials"
}

HTTP Status: 401 Unauthorized or 403 Forbidden

API Key Format​

Using Your Key​

Python​

JavaScript​

Go​

Getting an API Key​

Security Best Practices​

Key Properties​

Unauthorized Responses​