Authentication
All API requests require an API key passed in the Authorization header.
Creating an API key
- Sign in to Forge Json
- Go to Dashboard → API Keys
- Click Create New Key
- Give it a name and select permissions
- Copy the key — it’s only shown once
API keys start with the prefix fje_.
Using your API key
Include the key in the Authorization header as a Bearer token:
curl -X GET https://forgejson.com/api/v1/documents \
-H "Authorization: Bearer fje_your_api_key_here"Keep your API key secret. Never commit it to source control or expose it in client-side code.
The live API schema is also available at /api/openapi.
Permissions
When creating an API key, you select what it can access:
| Permission | Allows |
|---|---|
documents | Read, create, update, and delete documents |
pipelines | Execute saved pipelines |
utilities | Run individual utilities |
* | All permissions |
A request to an endpoint without the required permission returns 403 Forbidden.
Rate limiting
API requests are rate-limited per key. Response headers indicate your current status:
| Header | Description |
|---|---|
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp when the limit resets. Most useful on rate-limited responses. |
When the limit is exceeded, requests return 429 Too Many Requests.
Monthly credits
Each API key is tied to your account’s monthly credit allocation:
| Plan | Monthly credits |
|---|---|
| Starter (Free) | 100 |
| Pro ($12/mo) | 10,000 |
| Team ($49/mo) | 100,000 |
Successful pipeline and utility executions consume 1 credit each. Document API calls are also tracked for usage in the current backend implementation. Failed executions do not consume execution credits.
Error responses
All authentication errors return a consistent format:
{
"success": false,
"error": "Invalid API key"
}| Status | Meaning |
|---|---|
401 | Missing Authorization header, invalid key format, or revoked key |
403 | Key lacks the required permission for this endpoint |
429 | Rate limit exceeded |