Crove Docs
Crove Docs
Crove Documentation

Getting Started

IntroductionQuick StartKey Concepts

Templates

Templates OverviewTemplate EditorVariablesExpressionsForm Builder

Documents

Documents OverviewCreating DocumentsFilling DocumentsE-SignaturesPDF Generation

API Reference

API OverviewAuthenticationTemplates APIDocuments APIRate Limits

Webhooks

Webhooks OverviewOutgoing WebhooksIncoming WebhooksWebhook Events

Integrations

Integrations OverviewZapier IntegrationAPI Keys

Account & Billing

Account OverviewTeam ManagementBilling & PlansWorkspace Settings

Authentication

Authenticate with the Crove API using API keys.

Authentication

The Crove API uses API keys for authentication. Every request must include a valid API key in the Authorization header.

Creating an API key

  1. Go to Settings > API Keys in your Crove workspace
  2. Click Create API Key
  3. Enter a descriptive name (e.g., "Production API", "Zapier Integration")
  4. Copy the API key immediately — it's only shown once

Store your API key securely. It provides full access to your workspace's templates and documents. Never expose it in client-side code or public repositories.

Using the API key

Include your API key in the Authorization header of every request:

curl -X GET https://crove.app/api/external/v1/templates \
  -H "Authorization: Bearer YOUR_API_KEY"

JavaScript example

const response = await fetch('https://crove.app/api/external/v1/templates', {
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json',
  },
});

const data = await response.json();

Python example

import requests

headers = {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json',
}

response = requests.get(
    'https://crove.app/api/external/v1/templates',
    headers=headers
)

data = response.json()

Managing API keys

Viewing keys

Go to Settings > API Keys to see all your active API keys. Each key shows:

  • Name
  • Created date
  • Last used date

Revoking a key

Click Revoke next to any API key to immediately disable it. All requests using that key will return 401 Unauthorized.

Revoking an API key is permanent and takes effect immediately. Any integrations using the key will stop working.

API key permissions

API keys have the same permissions as the workspace admin who created them. They can:

  • List, create, update, and delete templates
  • List, create, update, and delete documents
  • Send document invitations
  • Download PDFs
  • Access webhook configurations

API keys cannot:

  • Manage workspace settings
  • Manage team members
  • Access billing information
  • Access other workspaces

Security best practices

  1. Use environment variables — Store API keys in environment variables, not in code
  2. Rotate keys regularly — Create new keys and revoke old ones periodically
  3. One key per integration — Use separate API keys for each integration so you can revoke individually
  4. Never commit keys — Add .env files to your .gitignore
  5. Monitor usage — Check the "last used" date to identify unused keys
# Good: Environment variable
export CROVE_API_KEY="your_key_here"

# In code
const apiKey = process.env.CROVE_API_KEY;

Error responses

Missing API key

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing API key. Include it in the Authorization header."
  }
}

Invalid API key

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key."
  }
}

Revoked API key

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "This API key has been revoked."
  }
}

API Overview

Integrate Crove into your workflows with the REST API. Create templates, generate documents, and automate your document pipeline.

Templates API

Create, list, update, and delete templates via the Crove REST API.

On this page

AuthenticationCreating an API keyUsing the API keyJavaScript examplePython exampleManaging API keysViewing keysRevoking a keyAPI key permissionsSecurity best practicesError responsesMissing API keyInvalid API keyRevoked API key