API Keys

Create, manage, and revoke API keys for authenticating with the Unmarkdown™ REST API.

Creating an API Key

To create an API key, open Settings and navigate to the API tab. Click "Create key" and give it a descriptive name (for example, "CI/CD pipeline" or "Personal scripts"). Your new key is displayed once. Copy it immediately and store it in a secure location.

Important

Each account can have a maximum of 2 API keys. If you need a new key and already have 2, revoke an existing one first.

Warning

API keys are shown only once at creation time. If you lose a key, you will need to revoke it and create a new one.

Key Format

All Unmarkdown™ API keys follow a consistent format: the prefix um_ followed by 64 hexadecimal characters, totaling 67 characters. This prefix makes it easy to identify Unmarkdown™ keys in your configuration and prevents accidental use of keys from other services.

text

um_a1b2c3d4e5f6...  (67 characters total)

Key Security

Unmarkdown™ stores API keys as SHA-256 hashes. The plaintext key is never stored on Unmarkdown™ servers. This means that if our database were ever compromised, your keys would remain safe. It also means we cannot retrieve a lost key for you.

Never commit API keys to version control
Use environment variables or a secrets manager to store keys
Rotate keys periodically, especially if team members change
Create separate keys for different integrations so you can revoke them independently

Managing Keys

The API tab in Settings lists all your active keys. For each key, you can see the name you assigned, the last four characters of the key, and the creation date. This makes it easy to identify which key is used where, even though the full key is not stored.

Revoking Keys

To revoke a key, click the revoke button next to it in the API tab. Revocation takes effect immediately. Any requests using the revoked key will receive a 401 Unauthorized response. Revoking a key cannot be undone, but you can always create a new key to replace it.

Tip

If you suspect a key has been compromised, revoke it immediately and create a replacement. Update your integrations with the new key as soon as possible.

Key Rotation

With a maximum of 2 keys per account, you can rotate keys without downtime:

Create a second key while the first is still active
Update your integrations to use the new key
Verify everything works with the new key
Revoke the old key

This approach ensures your integrations never experience an interruption during the rotation.

Rate Limits and Quotas

Rate limits and monthly quotas are applied per API key. Your plan determines the limits:

Free: 10 requests per second, 1,000 API calls per month
Pro: 30 requests per second, 10,000 API calls per month

You can check your current month usage in the API tab, or by calling the usage endpoint. Some endpoints are exempt from the monthly quota: GET /v1/documents, GET /v1/documents/:id, GET /v1/templates, and GET /v1/usage.

For full details, see Rate Limits and Usage Quotas.

Billing AI Keys (BYOK)