Authentication

All authenticated API requests require a valid API key passed in the Authorization header using the Bearer scheme. Every request without a valid key returns a 401 Unauthorized response.

curl https://api.unmarkdown.com/v1/documents \
  -H "Authorization: Bearer um_your_api_key_here"

You can create API keys from your account settings. Navigate to Settings, then open the API tab. Click "Create new key" and give the key a descriptive name so you can identify its purpose later.

• Each key has a name you choose for identification
• You can create up to 2 keys per account
• Keys are active immediately after creation

Unmarkdown API keys follow a specific format: the prefix um_ followed by 64 hexadecimal characters. This prefix makes it easy to identify Unmarkdown keys in your codebase and in secret scanning tools.

um_a1b2c3d4e5f6...  (64 hex characters total)

API keys are hashed with SHA-256 before being stored in the database. This means Unmarkdown cannot retrieve your key after it is created. The full key is shown exactly once at creation time. Copy it immediately and store it securely.

You can revoke an API key at any time from the API tab in Settings. Revoking a key is immediate and permanent. Any requests using the revoked key will receive a 401 Unauthorized response. There is no way to restore a revoked key. You will need to create a new one.

You can have up to 2 active API keys at a time. This allows you to rotate keys without downtime: create a new key, update your integration, then revoke the old one.

• Create a second key while the first is still active
• Update your application to use the new key
• Verify the new key works, then revoke the old one
• All keys share the same rate limits and quotas tied to your account