Authentication

QuickSign API uses API key authentication to secure all external API requests. Every request must include a valid API key in the request headers.

API Key required for all requests

All API requests require authentication using an API key. Include your API key in the request header:

X-API-KEY: your-api-key-here

Don't have an API key? Log in to your account to generate one in Settings → API Settings.

API Key Authentication

All API requests require an X-API-KEY header containing your unique API key. This key is associated with your user account and provides access to all documents you own.

Required Header
X-API-KEY: your-api-key-here

Header Name

The header name is case-insensitive. You can use X-API-KEY, x-api-key, or X-Api-Key - all work the same way.

Generate API Key

Follow these steps to generate your API key:

1. Log in to QuickSign

Navigate to app.quicksign.com.au and log in with your account credentials.

2. Go to API Settings

Once logged in, navigate to Settings → API Settings from the main menu.

3. Generate Your Key

Click the "Generate API Key" button. Your API key will be generated and displayed.

Important

Copy and save your API key immediately. For security reasons, you won't be able to view the full key again. If you lose it, you'll need to generate a new one.

4. Store Securely

Store your API key in a secure location such as:

  • Environment variables (.env file)
  • Secret management service (AWS Secrets Manager, HashiCorp Vault)
  • Encrypted configuration files

Using Your API Key

Include your API key in the header of every API request:

cURL Example

curl -X GET https://api.quicksign.com.au/external/api/v1/documents/abc123/audit \
  -H "X-API-KEY: your-api-key-here"

JavaScript (Fetch API)

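// Server-side only (Node.js 18+, ES module): process.env does not exist in
// browsers, and the key must never be shipped in frontend code.
const response = await fetch(
  'https://api.quicksign.com.au/external/api/v1/documents/abc123/audit',
  {
    method: 'GET',
    headers: {
      // Read the key from the environment; never hardcode it.
      'X-API-KEY': process.env.QUICKSIGN_API_KEY
    }
  }
)

const data = await response.json()
console.log(data)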

Node.js (Axios)

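const axios = require('axios');

// Top-level await is not available in CommonJS, so run inside an async function.
async function main() {
  const response = await axios.get(
    'https://api.quicksign.com.au/external/api/v1/documents/abc123/audit',
    {
      headers: {
        // Read the key from the environment; never hardcode it.
        'X-API-KEY': process.env.QUICKSIGN_API_KEY
      }
    }
  );

  console.log(response.data);
}

// Log only the message: the full Axios error object includes the request headers.
main().catch((err) => console.error(err.message));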

Python (Requests)

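import os

import requests

# Raises KeyError if the variable is unset, instead of sending a request without a key.
api_key = os.environ['QUICKSIGN_API_KEY']
url = 'https://api.quicksign.com.au/external/api/v1/documents/abc123/audit'

headers = {
    'X-API-KEY': api_key
}

# A timeout stops a stalled connection from hanging the caller.
response = requests.get(url, headers=headers, timeout=10)
response.raise_for_status()  # turns 401 and 429 responses into exceptions
print(response.json())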

Environment Variables

Always use environment variables to store API keys. Never hardcode keys in your source code.

Security Best Practices

✅ Do's

  • Store in environment variables: Use .env files and never commit them to Git
  • Use HTTPS only: Always make API requests over HTTPS (enforced by our API)
  • Rotate keys regularly: Generate new API keys periodically
  • Monitor usage: Check your API usage regularly for suspicious activity
  • Limit key exposure: Only share keys with team members who need them

❌ Don'ts

  • Don't expose in client-side code: Never include API keys in frontend JavaScript
  • Don't commit to version control: Add .env to .gitignore
  • Don't share publicly: Never post API keys in forums, issues, or public repos
  • Don't hardcode: Avoid putting keys directly in source code
  • Don't reuse across environments: Use different keys for dev, staging, and production
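
One place keys leak despite these rules is application logs. The following is an added example, not QuickSign code: it masks the X-API-KEY header before it is logged, matching the name in any casing because the API accepts it case-insensitively. The logger name and key value are constructed for illustration.

```python
import logging
import re

# Compared in lowercase because the API accepts the header name in any casing.
SENSITIVE_HEADERS = {"x-api-key"}
MASK = "[REDACTED]"

def redact_headers(headers):
    """Return a copy of a header mapping that is safe to log or attach to errors."""
    return {name: MASK if name.lower() in SENSITIVE_HEADERS else value
            for name, value in headers.items()}

# Catches the header inside free text: curl command lines ("X-API-KEY: v")
# and dict reprs ('x-api-key': 'v'), in any casing.
_INLINE = re.compile(r"""(x-api-key['"]?\s*[:=]\s*['"]?)[^'"\s,}]+""", re.IGNORECASE)

def scrub(text):
    """Mask the key value wherever the header appears in a string."""
    return _INLINE.sub(lambda m: m.group(1) + MASK, text)

class RedactApiKey(logging.Filter):
    """Logging filter that scrubs the formatted message before any handler sees it."""
    def filter(self, record):
        record.msg = scrub(record.getMessage())
        record.args = ()
        return True

if __name__ == "__main__":
    # Constructed key value; the real key format is not documented on this page.
    key = "constructed-key-0000"
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    log = logging.getLogger("quicksign-client")  # hypothetical logger name
    log.addFilter(RedactApiKey())
    log.info("sending headers %s", {"x-api-key": key, "Accept": "application/json"})
    log.info('retrying: curl -H "X-Api-Key: %s" ...', key)
    print(redact_headers({"X-API-KEY": key, "Accept": "application/json"}))
```

A filter attached to a logger applies only to records logged through that logger, so attach it to the handler instead when several loggers share one output.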

If Your Key Is Compromised

If you suspect your API key has been exposed or compromised:
  1. Immediately regenerate a new API key
  2. Update your applications with the new key
  3. Revoke the old key to prevent unauthorized access
  4. Review your audit logs for suspicious activity

Manage API Keys

View Your API Key

You can view a masked version of your API key at any time in the API Settings page. The full key is only shown once when generated.

Regenerate API Key

To generate a new API key:

  1. Go to Settings → API Settings
  2. Click "Regenerate API Key"
  3. Confirm the action (this will invalidate your old key)
  4. Copy and save your new API key
  5. Update your applications with the new key

Breaking Change

Regenerating your API key will immediately invalidate the old key. Any applications using the old key will stop working until updated.

Revoke API Key

To revoke your API key without generating a new one:

  1. Go to Settings → API Settings
  2. Click "Revoke API Key"
  3. Confirm the action

After revoking, you'll need to generate a new key to use the API again.

API Usage Tracking

Your API usage is tracked and displayed in the API Settings page. You can see:

  • Current Usage: Number of API calls made
  • Usage Limit: Maximum allowed API calls per period
  • Webhook URL: Configured webhook endpoint (if any)

Authentication Errors

If authentication fails, you'll receive one of the following error responses:

Missing API Key (401 Unauthorized)

Error Response
{
  "code": "UNAUTHENTICATED",
  "message": "API key is missing or invalid",
  "data": {}
}

Invalid API Key (401 Unauthorized)

Error Response
{
  "code": "UNAUTHENTICATED",
  "message": "Invalid API key",
  "data": {}
}

Rate Limit Exceeded (429 Too Many Requests)

Error Response
{
  "code": "ERROR",
  "message": "API rate limit exceeded",
  "data": {}
}

For more error codes and handling, see the Error Codes documentation.
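
The two status codes above call for opposite client behaviour: a 401 should stop immediately, while a 429 can be retried after a delay. The following is an added example, not QuickSign code; `send` is a hypothetical callable wrapping one request, the backoff schedule is an assumption, and the success body is constructed.

```python
import time

class AuthError(Exception):
    """401: key missing, invalid, revoked or regenerated. Retrying cannot help."""

class RateLimited(Exception):
    """429 was still returned after the last permitted attempt."""

def call_with_policy(send, max_attempts=4, base_delay=1.0, sleep=time.sleep):
    """Run send() -> (status, body) and react to the documented error responses.

    send is a hypothetical zero-argument callable that performs one request.
    The exponential backoff schedule is an assumption, not a documented value.
    """
    for attempt in range(max_attempts):
        status, body = send()
        if status == 401:
            # Fail closed and stop: repeating a rejected key only adds noise
            # to the usage log. Surface the server message, never the key.
            raise AuthError(body.get("message", "authentication failed"))
        if status == 429:
            if attempt < max_attempts - 1:
                sleep(base_delay * 2 ** attempt)  # 1s, 2s, 4s, ...
            continue
        if 200 <= status < 300:
            return body
        raise RuntimeError(f"unexpected status {status}: {body.get('code')}")
    raise RateLimited(f"still rate limited after {max_attempts} attempts")

def replay(responses):
    """Constructed stand-in for the network: yields canned responses in order."""
    pending = iter(responses)
    return lambda: next(pending)

# Error bodies copied from the responses documented above.
INVALID_KEY = (401, {"code": "UNAUTHENTICATED", "message": "Invalid API key", "data": {}})
RATE_LIMITED = (429, {"code": "ERROR", "message": "API rate limit exceeded", "data": {}})
# Constructed success body; the real response shape is not shown on this page.
OK = (200, {"data": {"constructed": True}})

if __name__ == "__main__":
    waits = []
    print(call_with_policy(replay([RATE_LIMITED, RATE_LIMITED, OK]), sleep=waits.append))
    print("backoff delays:", waits)
    try:
        call_with_policy(replay([INVALID_KEY]))
    except AuthError as exc:
        print("not retried:", exc)
```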
