Skip to main content
Clever Ops
API keys

How to create a PandaDoc API key

A PandaDoc API key is a long string of characters that lets a connected tool sign in to your PandaDoc account programmatically, so it can read your documents, templates, and contacts and create or send documents on your behalf without anyone logging in by hand. You create the key in the PandaDoc Dev Centre, copy it once, and paste it into the tool that needs it. PandaDoc gives you two kinds of key: a Sandbox key for safe testing (it watermarks PDFs and prefixes documents with "[DEV]") and a Production key for real, live work. PandaDoc also supports OAuth 2.0 applications for tools that prefer that flow. The key is not your password and you can revoke it at any time, which immediately cuts off the tool using it without affecting your login.

About 5 minutes
Time to complete
5
Steps
Book Free AssessmentAll guides

Keep this credential safe

A PandaDoc API key is like a password: anyone who has it can act on your account up to whatever the key allows, including reading and sending documents. Test with a Sandbox key first and only generate a Production key when you genuinely need live access. Create the key from an account that has just the access the tool needs, never more. Share it through a secure method such as a password manager share link, never in plaintext email or chat. Delete or rotate the key the moment a tool no longer needs it or someone leaves, and remember that revoking a key takes effect immediately.

Access to grant

API key (Sandbox for testing, Production for live use). OAuth 2.0 application (client id and secret) is available as an alternative.

Who you're granting access to

  • The developer, consultant, or tool that will read your data and work with your documents through the PandaDoc API.

Before you start

  • You need to be the account owner or an Admin in PandaDoc, because only those roles can open the Dev Centre and generate keys.
  • On a Business plan you first have to enable the Dev Centre under Settings before any keys appear; Sandbox keys are available once it is enabled.
  • A Production API key requires an active Enterprise (API) plan and approval from PandaDoc, so contact your account manager or their sales team if you do not already have Production access.

Step by step

  1. 1

    Open the Dev Centre

    Sign in to PandaDoc as the owner or an Admin. Go to Settings, then API and Integrations, then API, and open the Dev Centre (on a Business plan, switch the Dev Centre on first). Only owners and Admins can see this area.

  2. 2

    Open the Configuration page

    Inside the Dev Centre, go to the Configuration page. This is where you create and manage both your API keys and any OAuth 2.0 applications. You will see a Sandbox section for test keys and, if your plan allows it, a Production section.

  3. 3

    Generate a Sandbox key to test safely first

    In the Sandbox section, generate a Sandbox API key. Use this key while you set up and test the connection, because Sandbox documents are watermarked, prefixed with "[DEV]", and can only be sent to addresses on your own domain, so nothing real goes out by mistake.

  4. 4

    Generate or request the Production key

    When you are ready for live use, generate the Production key from the Production section. If you are on a Business plan or Production is not yet enabled, the option will be locked: contact your PandaDoc account manager or their sales team to have Production API access activated on an Enterprise (API) plan. Keys inherit the permissions of the user who creates them, so create the key from an account with the access the tool genuinely needs and no more.

  5. 5

    Copy the key and share it securely

    Copy the generated key straight away and paste it into the tool that needs it. Treat it like a password: never send it in plaintext email or a chat message. Share it through a password manager share link or another secure channel. The tool sends it on every request as an Authorization header in the form "API-Key {your-key}".

Removing access afterwards

  1. Go to Settings, then API and Integrations, then API, and open the Dev Centre.
  2. Open the Configuration page and find the key (Sandbox or Production) you want to remove.
  3. Delete or revoke that key. Any tool using it stops working immediately, so generate a fresh key first if you are rotating rather than switching off.
  4. Note that PandaDoc automatically deactivates any keys a user created if that user is removed from the workspace, which is a quick way to cut off access tied to someone who has left.

If that option is not available

If you are on a plan that does not expose the Dev Centre, or you only need Production access, contact your PandaDoc account manager or their sales team to enable API access, then follow the steps above. If you would rather not hand over a key at all, you can give the developer read-only viewer access to your workspace, or screen-share on a short call so they can see how your documents and templates are structured. You should never need to share your PandaDoc password.

Frequently Asked Questions

A Sandbox key is for testing. Documents it creates are watermarked, prefixed with "[DEV]", limited in request rate, and can only be sent to addresses on your own domain, so nothing real goes out. A Production key is for live work with no watermarks. Always test with Sandbox first, then switch the tool to Production.

Sandbox keys are available on the Business plan once you enable the Dev Centre, and on Enterprise (API) plans. A Production key requires an active Enterprise (API) plan and approval from PandaDoc. If Production is locked, contact your account manager or their sales team to have it activated.

Treat it exactly like a password. Never paste it into plaintext email or chat. Share it through a password manager share link or another secure channel, create it from an account with only the access the tool needs, and delete or rotate it as soon as it is no longer required. The fewer copies of the key exist, the safer your account.

Open the Dev Centre, go to the Configuration page, find the key, and delete or revoke it. The change is immediate, so any tool using that key stops working straight away. To rotate without downtime, generate a new key, update the tool to use it, then delete the old one.

For a single tool or your own integration, an API key is the simplest option. OAuth 2.0 (a client id and secret created as an application in the same Configuration page) suits products that need to connect to many PandaDoc accounts or want users to authorise access themselves. The tool or developer you are working with will tell you which one they need.

PandaDoc ties each key to the user who generated it, and it automatically deactivates that user's keys if they are removed from the workspace. That is useful for offboarding, but it also means you should generate shared integration keys from a stable admin account rather than a personal one that might be removed.

Related guides

How to create a Xero API key (Custom Connection)How to create a Typeform API key (personal access token)How to create a monday.com API tokenHow to create a Stripe restricted API key

Steps last checked against PandaDoc on 2026-06-09.

Based on official PandaDoc documentation: PandaDoc for Developers: API Key Authentication Process, PandaDoc for Developers: Sandbox API Authentication Key, PandaDoc for Developers: Production API Key, PandaDoc for Developers: OAuth 2.0 Authentication Overview, PandaDoc Help Centre: PandaDoc API. PandaDoc is a trademark of its respective owner; this guide is independent and for instruction only.

Want this handled for you?

Clever Ops connects and automates the systems mid-market businesses already run. Book a free assessment and we will map your stack.

Book Free Assessment