Capture screenshots of protected pages with custom headers, cookies, and authentication. Access authenticated dashboards, private content, and API-protected routes.
Many websites require authentication or custom headers to access content. Our API allows you to pass custom HTTP headers, cookies, and authorization credentials to capture screenshots of protected pages, authenticated dashboards, and private content.
When to use authentication?
Pass custom HTTP headers with your request. Useful for API tokens, custom authentication schemes, or any header-based configuration.
objectkey-value pairsconst response = await fetch('https://www.snapshotai.dev/api/v1/screenshots', {
method: 'POST',
headers: {
'Authorization': 'Bearer sk_live_YOUR_API_KEY',
'Content-Type': 'application/json',
},
body: JSON.stringify({
url: 'https://api-protected-site.com',
options: {
headers: {
'X-API-Key': 'your-api-key',
'X-Custom-Header': 'custom-value',
'User-Agent': 'Custom Bot/1.0'
}
}
})
});import requests
response = requests.post(
'https://www.snapshotai.dev/api/v1/screenshots',
headers={'Authorization': 'Bearer sk_live_YOUR_API_KEY'},
json={
'url': 'https://dashboard.example.com',
'options': {
'headers': {
'Authorization': 'Bearer user-access-token-here',
'X-Tenant-ID': 'tenant-123'
},
'wait_for_selector': '#dashboard-loaded'
}
}
)
print(f"Authenticated screenshot: {response.json()['data']['id']}")Pass cookies to maintain session state and access authenticated content. Accepts an array of cookie objects with name, value, domain, and path.
array of objectsEach cookie must have: name, value, domain
const response = await fetch('https://www.snapshotai.dev/api/v1/screenshots', {
method: 'POST',
headers: {
'Authorization': 'Bearer sk_live_YOUR_API_KEY',
'Content-Type': 'application/json',
},
body: JSON.stringify({
url: 'https://app.example.com/dashboard',
options: {
cookies: [
{
name: 'session_id',
value: 'abc123xyz789',
domain: 'app.example.com',
path: '/',
secure: true,
httpOnly: true
},
{
name: 'user_preferences',
value: 'theme=dark',
domain: 'app.example.com',
path: '/'
}
],
wait_for_selector: '.dashboard-content'
}
})
});Security Note: Never hardcode production cookies in your code. Use environment variables or secure secret management.
For HTTP Basic Auth, pass credentials via the Authorization header with base64 encoding, or use the built-in browser prompt handling.
curl -X POST https://www.snapshotai.dev/api/v1/screenshots \
-H "Authorization: Bearer sk_live_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://protected-site.com",
"options": {
"headers": {
"Authorization": "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
}
}
}'
# Note: Base64 encode "username:password"
# In JavaScript: btoa("username:password")
# In Python: base64.b64encode(b"username:password").decode()function createBasicAuthHeader(username, password) {
const credentials = btoa(`${username}:${password}`);
return `Basic ${credentials}`;
}
const response = await fetch('https://www.snapshotai.dev/api/v1/screenshots', {
method: 'POST',
headers: {
'Authorization': 'Bearer sk_live_YOUR_API_KEY',
'Content-Type': 'application/json',
},
body: JSON.stringify({
url: 'https://staging.example.com',
options: {
headers: {
'Authorization': createBasicAuthHeader('admin', 'secure-password')
}
}
})
});Use Environment Variables
Never hardcode credentials. Use environment variables or secret management systems.
Validate Cookie Domain
Ensure cookie domain matches the target URL domain for cookies to be sent correctly.
Wait for Authenticated Content
Use wait_for_selector to ensure authenticated content loads before capturing.
Test Auth Flow First
Verify authentication works in a regular browser before automating screenshots.
Handle Expired Sessions
Implement logic to refresh tokens or cookies when they expire to avoid failed captures.
Our team can help you configure authentication for your specific use case.
Contact Support