KERNIT Documentation
Authentication
KERNIT API calls use Bearer tokens. Send your key in the Authorization header on api.kernit.org requests, and treat missing or invalid auth as a request configuration problem.
Header Format#
Authorization: Bearer sk_kernit_live_YOUR_KEY
ALL
Authorization: Bearer <api-key>
Authentication Contract#
Document-processing routes require Bearer auth. Missing keys, invalid keys, exhausted access, and scan-token mismatches are request-state issues your client should expose clearly.
Key Types#
| Key type | Used by | Managed through |
|---|---|---|
| Individual API key | Single-user API access and self-serve integrations. | /api-keys and the API dashboard. |
| Organization key | Teams, institutions, and shared-credit API clients. | /org-keys and the API client dashboard. |
| Browser session token | Authenticated dashboard and account operations. | /me and account UI flows. |
Auth Errors#
A missing key returns an authorization error. A valid key can still be blocked by access status, expired pilot access, exhausted API credits, or team policy.
FAQ
- Can browser sessions call the document API?
- The dashboard uses authenticated browser sessions for account management, but production automation should use Bearer API keys.
- Can I rotate keys?
- Yes. Create a new key, deploy it to your integration, then revoke the old key once traffic has moved.
Was this page useful?Send a lightweight docs feedback event.