Authentication

Penvio supports multiple authentication methods for both the web application and API.

Web Application

Email & Password

The simplest way to get started:

Go to Sign Up
Enter your name, email, and password (minimum 8 characters)
Verify your email address
Sign in at the Login page

Google OAuth

For faster sign-in:

Click “Sign in with Google” on the login page
Select your Google account
Grant permission for Penvio to access your basic profile

Penvio only requests basic profile information (name and email). We never access your Google Drive or other data.

Enterprise SSO

Business and Enterprise plans support SAML 2.0 SSO:

Contact your administrator to configure SSO
Access Penvio through your organization’s identity provider
You’ll be automatically signed in

API Authentication

For programmatic access, the API uses bearer token authentication.

Getting Your API Token

API access requires a Business or Enterprise subscription.

Sign in to Penvio
Go to Settings → API
Click Generate API Key
Copy and securely store your key

🔒

Keep your API key secret! Never commit it to version control or share it publicly.

Using Your API Token

Include your token in the Authorization header:

cURL


curl -X GET https://penvio.io/api/documents \
  -H "Authorization: Bearer YOUR_API_TOKEN"

JavaScript


const response = await fetch('https://penvio.io/api/documents', {
  headers: {
    'Authorization': 'Bearer YOUR_API_TOKEN',
  },
});
 
const data = await response.json();

Python


import requests
 
response = requests.get(
    'https://penvio.io/api/documents',
    headers={'Authorization': 'Bearer YOUR_API_TOKEN'}
)
 
data = response.json()

Token Security Best Practices

Use environment variables - Never hardcode tokens in your code
Rotate regularly - Generate new tokens periodically
Use separate tokens - Create different tokens for different environments
Monitor usage - Review API activity in the dashboard

Session Cookies

If you’re building a browser-based integration, you can also use session cookies:

Direct users to the Penvio login page
After login, the session cookie is automatically set
Subsequent requests include the session cookie

This is useful for embedding Penvio in an iframe or building browser extensions.

Rate Limits by Authentication

Method	Rate Limit
Session Cookie	100 requests / 15 min
API Token	100 requests / 15 min
Unauthenticated	10 requests / 15 min (public endpoints only)

See Rate Limits for more details.

Troubleshooting

”Unauthorized” (401) Error

Check that your token is correct and hasn’t expired
Verify the Authorization header format: Bearer YOUR_TOKEN
Ensure your subscription includes API access

”Forbidden” (403) Error

Your account may not have access to the requested resource
Check that the document belongs to your organization

Session Expired

Web sessions expire after 30 days of inactivity. Simply sign in again to continue.

Next Steps

Account Setup - Configure your profile and security settings
Authentication Setup - Set up 2FA and manage sessions
Plans & Pricing - Choose a plan with API access