Authentication
All API requests require authentication using an API key or OAuth 2.0 access token.
API Keys
Include your API key in the Authorization header:
curl -X GET "https://api.propper.ai/v1/documents" \
-H "Authorization: Bearer YOUR_API_KEY"
Obtaining an API Key
- Log in to your Propper Dashboard
- Navigate to Settings → API Keys
- Click Create API Key
- Copy and securely store your key
API keys grant full access to your account. Never expose them in client-side code or public repositories.
OAuth 2.0
For applications acting on behalf of users, use OAuth 2.0 with the Client Credentials flow.
Creating an OAuth Client
- Log in to your Propper Dashboard
- Navigate to Organization Settings → Developers → OAuth Clients
- Click Create OAuth Client
- Enter a name for your application (e.g., "My Integration")
- Select the scopes your application requires (see Available Scopes below)
- Click Create
- Copy your Client ID and Client Secret
The client secret is only shown once. Store it securely - you cannot retrieve it later.
Requesting an Access Token
Exchange your client credentials for an access token:
curl -X POST "https://auth.propper.ai/oauth/token" \
-H "Content-Type: application/json" \
-d '{
"grant_type": "client_credentials",
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"scope": "sign:read sign:write"
}'
Response:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "sign:read sign:write"
}
Access tokens expire in 1 hour. Cache them and refresh before expiry to avoid unnecessary token requests.
Using the Access Token
Include the access token in the Authorization header for all API requests:
curl -X GET "https://api.propper.ai/restapi/v2.1/accounts/{accountId}/envelopes" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Available Scopes
| Scope | Description |
|---|---|
sign:read | Read documents and signatures |
sign:write | Create and send documents |
click:read | Read agreements and acceptances |
click:write | Create and manage agreements |
Organization Context
All requests are scoped to your organization. The organization is determined by your API key or OAuth token.