Authentication
The Talonic API uses Bearer token authentication. Include your API key in the Authorization header of every request to access endpoints.
API key format
All Talonic API keys use the prefix tlnc_live_ (production) or tlnc_test_ (sandbox) followed by a random string. Store your key securely and never expose it in client-side code. Keys are scoped to a single workspace and grant access to all resources within that workspace.
Making authenticated requests
Pass your API key as a Bearer token in the Authorization header. The base URL for all API requests is https://api.talonic.com.
curl https://api.talonic.com/v1/documents \
-H "Authorization: Bearer $TALONIC_API_KEY"Error responses
If authentication fails, the API returns one of these status codes. See the full error reference for details.
| Status | Meaning | Common Cause |
|---|---|---|
| 401 | Unauthorized | Missing or invalid API key |
| 403 | Forbidden | Key lacks permission for this resource |
Security best practices
Store API keys in environment variables, not in source code. Use separate keys for development and production. Rotate keys every 90 days. Monitor usage in the rate limits dashboard. The extraction pipeline logs all API key usage for audit purposes.