Authentication

Learn how to authenticate with the Talonic API using Bearer tokens and API keys with the tlnc_ prefix. Keys carry scopes (extract, read, write) that control access.

All API requests require a Bearer token in the Authorization header. API keys carry the tlnc_ prefix and can be scoped to a source. Create and manage keys from Settings → API Keys in the dashboard.

Authorization header

API Key Scopes

Each API key carries one or more scopes that determine which operations it can perform. New keys default to all three scopes.

Available scopes

extractscopeSubmit documents for extraction (`POST /v1/extract`, `POST /v1/documents/:id/re-extract`).

readscopeRead operations — list and retrieve documents, extractions, schemas, jobs, sources, and other resources.

writescopeWrite operations — create, update, and delete schemas, sources, jobs, delivery bindings, and other resources.

billingscopeBilling operations — trigger credit top-ups (`POST /v1/billing/topup`). Not included by default; add explicitly when creating the key.

New keys default to extract, read, and write. The billing scope must be added explicitly. If a request requires a scope your key does not carry, the API returns 403 with error code insufficient_scope and lists the required scopes in the response body.

Keep your API key secret. Do not expose it in client-side code or version control. If a key is compromised, revoke it immediately from the dashboard.

Base URL

Error Codes

Authentication

API Key Scopes

Related