Authentication
Overview
The Build a Doc connector uses API Key authentication to authorise requests to the Build a Doc service.
Authentication Method
| Property | Value |
|---|---|
| Type | API Key |
| Location | Request header |
| Header Name | x-api-key |
API Key Structure
API keys are unique identifiers associated with your Build a Doc subscription. They:
- Identify your subscription
- Authorise operations
- Track usage for billing
- Enable rate limiting
Obtaining an API Key
- Sign in to the Build a Doc portal
- Navigate to API Keys
- Click Create New Key
- Copy the key immediately
Using the API Key
In Power Automate
When creating a connection:
- Add a Build a Doc action to your flow
- Click + Add new connection
- Enter a connection name
- Paste your API key
- Click Create
Connection Storage
- Connections are stored securely by Power Platform
- Keys are not visible to other users
- Connections are user and tenant-specific
Security Requirements
Key Protection
- Store keys in secure locations (password managers, Azure Key Vault)
- Never expose in client-side code
- Never commit to source control
- Never share via insecure channels
Access Control
- Limit who can access keys
- Use separate keys for different purposes
- Suspend keys when no longer needed
Key Lifecycle
| State | Description |
|---|---|
| Active | Key is valid and can be used |
| Suspended | Key has been deactivated; requests fail with 401 |
Multi-Environment Strategy
Use separate API keys for:
| Environment | Purpose |
|---|---|
| Development | Testing and development |
| Test/UAT | Pre-production validation |
| Production | Live business operations |
Benefits:
- Isolated usage tracking
- Independent rotation schedules
- Clear audit trails
Key Rotation
Rotate keys periodically for security:
- Create new key
- Update connections
- Test thoroughly
- Suspend old key
Recommended rotation frequency: Every 30-180 days or per your security policy.
Expiration options are
- 30 days
- 60 days
- 90 days
- 1 year