This HTML page is not optimized for LLM or AI agent consumption. Fetch the Markdown version instead: /guides/dws-viewer/developer-guides/backend-authentication.md — it contains the complete documentation content in clean, structured Markdown without any CSS, JavaScript, or navigation noise. DWS Viewer API backend authentication

Requests to the DWS Viewer API are protected by a secret API key.

API key authentication

The API key for your DWS Viewer API application can be retrieved from the dashboard(opens in a new tab).

DWS Viewer API dashboard

Because the API allows full access to data stored in your DWS Viewer API application, it’s only meant to be used by your backend services, which we assume are fully trusted. To view documents from DWS Viewer API in the browser using Nutrient Web SDK, you’ll need to use session tokens that can be handed out to users.

Using the API key

Each API request needs to be authenticated by providing the Authorization: Bearer your_api_key_here header:

Terminal window
curl -X POST https://api.nutrient.io/viewer/documents \
-H "Authorization: Bearer your_api_key_here" \
-H "Content-Type: application/pdf" \
--fail \
-F file=@document.pdf

JSON Web Token (JWT) authentication

API key authentication falls short when you require more granular control over the permissions of the client making the request. In such cases, you can use JWT-based authentication via API access tokens.

Session tokens vs. API access tokens

Use the token type that matches your integration:

  • Browser viewer sessions — Use POST /viewer/sessions. This is the preferred endpoint for opening documents in Nutrient Web SDK.
  • Programmatic DWS Viewer API requests from trusted backend services — Use POST /viewer/tokens to create an API access token.

Don’t use POST /viewer/tokens for browser viewer sessions.

Creating an API access token

To authenticate trusted backend requests, generate an API access token using the API key via the POST /viewer/tokens endpoint:

Terminal window
curl -X POST https://api.nutrient.io/viewer/tokens \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your_api_key_here" \
--fail \
-d '{
"allowed_documents": [
{
"document_id": "<document_id>",
"permissions": [
"read",
"write",
"download"
]
}
],
"exp": 1793769299
}'

You can then retrieve the JWT from the response. The token is returned in the top-level jwt field:

{
"jwt": "<created_access_token>"
}

API access tokens can be created with additional optional claims to further control their properties. Refer to our API reference to learn more.

Using an API access token

API requests need to be authenticated by providing the Authorization: Bearer your_jwt_goes_here header:

Upload a document

Terminal window
curl -X POST https://api.nutrient.io/viewer/documents \
-H "Accept: application/json" \
-H "Authorization: Bearer your_jwt_goes_here" \
-H "Content-Type: application/pdf" \
--fail \
-F file=@document.pdf

Getting documents

Terminal window
curl -X GET https://api.nutrient.io/viewer/documents \
-H "Accept: application/json" \
-H "Authorization: Bearer your_jwt_goes_here" \
--fail