Authentication
API Keys
RenderShot uses API keys for authentication. All requests must include a valid API key in the Authorization header.
Key Types
| Prefix | Environment | Purpose |
|---|---|---|
sk_live_ | Production | Live API calls, counted against your quota |
sk_test_ | Test | Testing and development (same functionality) |
Authorization Header
Include your API key as a Bearer token:
Authorization: Bearer sk_live_abc123def456...Example
curl -X POST https://api.rendershot.dev/v1/screenshot \
-H "Authorization: Bearer sk_live_abc123def456..." \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com"}'Key Management
- Generate keys from the Dashboard
- Each key is shown once at creation — save it securely
- Revoke compromised keys immediately from the dashboard
- Use
sk_test_keys during development
Security Best Practices
- Never expose keys in client-side code — make API calls from your server
- Use environment variables — don’t hardcode keys in source code
- Rotate keys periodically — create a new key, migrate, then revoke the old one
- Use separate keys per environment — production, staging, development
- Monitor usage — check the dashboard for unexpected spikes