All Screenshotly API requests require authentication via an API key.
Getting your API key
- Sign in to your dashboard
- Navigate to API settings
- Copy your API key
Using your API key
Pass your API key using either the X-API-Key header or the api_key query parameter.
curl -X POST https://api.screenshotly.dev/v1/capture \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com"}'
Query parameter authentication
You can also pass the API key as a query parameter:
curl "https://api.screenshotly.dev/v1/capture?api_key=YOUR_API_KEY&url=https://example.com"
Query parameter authentication exposes your API key in URLs and server logs. Use header authentication whenever possible.
Environment variables
Store your API key in an environment variable to avoid hardcoding it:
export SCREENSHOTLY_API_KEY="your-api-key-here"
const client = new Screenshotly(process.env.SCREENSHOTLY_API_KEY);
Authentication errors
If your API key is missing, the API returns a 401 response:
{
"error": {
"code": "missing_api_key",
"message": "API key is required. Pass it via X-API-Key header or api_key query parameter."
}
}
{
"error": {
"code": "invalid_api_key",
"message": "The provided API key is invalid or has been revoked."
}
}
Security best practices
- Never expose keys in client-side code — only use API keys in server-side applications
- Don’t commit keys to version control — use
.env files and add them to .gitignore
- Use separate keys for environments — generate different keys for development, staging, and production
- Rotate keys regularly — revoke old keys and generate new ones from the dashboard
- Revoke compromised keys immediately — if a key is exposed, revoke it in API settings
