Make sure you’ve set the
Authorization header to
Token token=<secret>, where
<secret> is the API authentication token you’ve set in your
docker-compose.yml file with the
API_AUTH_TOKEN environment variable.
The Server API should only be accessed from your backend servers and not by the clients. Giving the API authentication token to clients is a security concern. More information about how PSPDFKit Document Engine is secured can be found in the PSPDFKit security guide.