Authentication
Learn how to authenticate with the PaperStack API using Bearer tokens.
Authentication
All API requests to PaperStack require authentication via a Bearer token in the Authorization header.
API Keys
API keys are the primary authentication mechanism. Every request must include a valid, active key.
Key Format
- Live keys:
ps_<random_string> - Test/development keys:
ps_test_<random_string>
Rate Limits
| Plan | Requests/Second | Requests/Month |
|---|---|---|
| Free | 2 | 1,000 |
| Pro (Coming Soon) | 20 | 50,000 |
| Enterprise (Coming Soon) | Unlimited | Custom |
Sending Your Key
Include your API key as a Bearer token in the Authorization header:
cURL
curl -H "Authorization: Bearer ps_xxxxx" \
https://api.paperstack.qzz.io/neet/2024/s1/physics.jsonPython
import requests
headers = {"Authorization": "Bearer ps_xxxxx"}
response = requests.get(
"https://api.paperstack.qzz.io/neet/2024/s1/physics.json",
headers=headers
)
data = response.json()
print(data)JavaScript / Node.js
const response = await fetch(
"https://api.paperstack.qzz.io/neet/2024/s1/physics.json",
{
headers: {
Authorization: "Bearer ps_xxxxx",
},
}
);
const data = await response.json();
console.log(data);Go
package main
import (
"fmt"
"io"
"net/http"
)
func main() {
client := &http.Client{}
req, _ := http.NewRequest("GET",
"https://api.paperstack.qzz.io/neet/2024/s1/physics.json", nil)
req.Header.Set("Authorization", "Bearer ps_xxxxx")
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}Ruby
require "net/http"
require "uri"
uri = URI("https://api.paperstack.qzz.io/neet/2024/s1/physics.json")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Get.new(uri)
request["Authorization"] = "Bearer ps_xxxxx"
response = http.request(request)
puts response.bodyGetting an API Key
- Register for a PaperStack account
- Log in to your Dashboard
- Click Generate New Key
- Copy the key immediately — it will only be shown once
- Store it securely (e.g., environment variables, secrets manager)
Key Management
Viewing Your Keys
Your Dashboard shows all active keys with:
- Key prefix (first few characters)
- Creation date
- Last used date
Revoking a Key
If a key is compromised or no longer needed:
- Go to your Dashboard
- Click Revoke next to the key
- The key will be immediately invalidated
Note: Revocation is permanent. Generate a new key to replace a revoked one.
Security Best Practices
- Never expose your API key in client-side code, public repos, or logs
- Use environment variables to store keys in production
- Rotate keys regularly — generate new keys and revoke old ones
- Use separate keys for development and production environments
- Monitor usage on your Dashboard for unusual activity