Authentication

Secure your API requests with API keys. Learn how to create, manage, and rotate your keys safely.

API Keys

SnapshotAI uses API keys to authenticate requests. Your API keys carry many privileges, so be sure to keep them secure!

Keep your API keys secret!

Never expose your API keys in client-side code, GitHub, or public repositories. Use environment variables instead.

API Key Format

LIVE KEYsk_live_...

All API keys start with sk_live_ followed by 48 random characters.

Example:

sk_live_Ox-hfmB3RGfsQUkYkJ-wHKsmPfnh1ZiePVEjcOL0Yisf4Fsj

Making Authenticated Requests

Include your API key in the Authorization header with the Bearer scheme:

Request Example

curl https://snapshotai.dev/api/v1/screenshots \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json"

Tip: Store your API key in environment variables:

export SNAPSHOTAI_API_KEY="sk_live_..."

Authentication Errors

401 Unauthorized

Missing or invalid API key

{
  "success": false,
  "error": {
    "message": "Invalid API key",
    "code": "UNAUTHORIZED"
  }
}

403 Forbidden

API key is inactive or expired

{
  "success": false,
  "error": {
    "message": "API key is inactive",
    "code": "FORBIDDEN"
  }
}

Creating API Keys

Via Dashboard

Navigate to Dashboard → API Keys
Click Create New Key
Choose a name and type (Live or Test)
Optionally set an expiration date
Click Create and save the key immediately

Via API

POST /api/v1/keys

curl -X POST https://snapshotai.dev/api/v1/keys \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production API Key",
    "type": "live",
    "expires_at": "2025-12-31T23:59:59Z"
  }'

⚠️ Save Your Key Immediately

The full API key is only shown once during creation. If you lose it, you'll need to create a new one.

Key Rotation

If your API key is compromised, rotate it immediately:

POST /api/v1/keys/:id/rotate

curl -X POST https://snapshotai.dev/api/v1/keys/KEY_ID/rotate \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"

This will:

Immediately invalidate the old key
Generate a new key with the same permissions
Return the new key (save it immediately!)

Best Practice: Regular Rotation

Rotate your API keys every 90 days as a security best practice, even if not compromised.

Security Best Practices

Use environment variables

Never hardcode API keys in your source code

Use separate keys per environment

Create different keys for development, staging, and production

Monitor API key usage

Check the last_used_at field regularly

Set expiration dates

Limit the lifetime of API keys for temporary access

Delete unused keys

Remove keys that are no longer needed

Use HTTPS only

Never send API keys over unencrypted connections

If Your API Key is Compromised

Act immediately if you suspect a key is compromised:

Deactivate the key in your dashboard
Rotate to a new key using the API or dashboard
Review recent usage logs for suspicious activity
Update all applications using the old key
Contact support if unauthorized usage occurred

Need help? Contact our security team at security@snapshotai.dev

Next Steps

Rate Limits →

Learn about usage limits and how to handle rate limiting

API Reference →

Explore all API endpoints and parameters