Authentication

API keys

Create keys in Dashboard → API keys. Keys are prefixed sk_live_. A key's plaintext is shown once at creation — copy it somewhere safe; we only ever store a salted hash, so we can't show it again. You can mint multiple keys (e.g. one per environment or service) and revoke any one instantly.

Using a key

Send the key as a Bearer token in the Authorization header on every request to /v1/screenshot:

Authorization: Bearer sk_live_...

A missing or invalid key returns 401 invalid_api_key. Keys carry the screenshot:write scope required by the /v1/screenshot endpoint; a valid key without that scope returns 403 insufficient_scope. Keep keys server-side — never ship them in client-side code or a public repo. See Errors for the full list.

Rotating keys

To rotate a key, create a new one, switch your application over to it, then revoke the old key from the dashboard. Revocation takes effect immediately, so do it only once the new key is live.