Authentication
Learn how to authenticate your API requests using API keys.
Keep your API keys secure. Never share them publicly or commit them to version control.
Getting Your API Key
To use the SnagKit API, you need an API key. Generate one from your account settings:
- Go to Settings → API Keys
- Click "Generate API Key"
- Copy and save your key securely (you'll only see it once)
Authentication Methods
SnagKit supports three ways to authenticate your API requests:
1. HTTP Header
Recommended
Pass your API key in the X-API-Key header. This is the most secure method and recommended for production use.
2. Query Parameter
Include your API key as a query parameter api_key. Useful for quick testing but less secure as the key appears in URLs.
3. Request Body
Include your API key in the JSON request body (POST requests only). Alternative to header authentication.
Security Best Practices
- Store API keys in environment variables, never in code
- Use header authentication for better security
- Revoke compromised keys immediately from settings
- Rotate keys periodically (every 90 days recommended)
- Never log or display API keys in client-side code
- Always use HTTPS for API requests
Examples
Live API
Request with Header (Recommended)
curl -X POST https://snagkit.io/api/v1/capture \
-H "X-API-Key: sk_live_xxx" \
-d "url=https://example.com" \
-d "format=png" \
-d "response_type=json"Response (200 OK)
{
"url": "/api/files/.../screenshot.png",
"size": 245678,
"format": "PNG",
"status": "completed",
"id": "cmg1abc123"
}Response Headers
X-RateLimit-Limit: 20
X-RateLimit-Remaining: 15
X-Quota-Limit: 100
X-Quota-Remaining: 85