ScreenshotOne API keys

Your ScreenshotOne API key is the access_key value used to authenticate API requests.

Get an API key

1. Sign up or sign in to ScreenshotOne.
2. Open the access page.
3. Create or copy an API key.
4. Use it as access_key when calling the API.

API keys are scoped to your ScreenshotOne organization. If you work in more than one organization, make sure you copy the key from the organization you want to use.

Use the API key

You can send the API key in the query string:

GET https://api.screenshotone.com/take?url=https://example.com&access_key=<your access key>

Or in a POST JSON body:

POST https://api.screenshotone.com/take
Content-Type: application/json

{
    "access_key": "<your access key>",
    "url": "https://example.com"
}

Or as an HTTP header:

GET https://api.screenshotone.com/take?url=https://example.com
X-Access-Key: <your access key>

API key and secret key

The API key authenticates your request. The secret key is different: use it to sign public links or verify signed webhook payloads.

Do not send the secret key as an API request parameter. If signing is required, send the generated signature value instead.

Keep the key private

Treat your API key like a password:

• Store it in environment variables or a secrets manager.
• Do not commit it to source control.
• Do not expose unsigned screenshot URLs with your API key in public pages.
• Use signed links when a screenshot URL must be shared publicly.

If a key is exposed, create a replacement on the access page, update your application configuration, and stop using the exposed key.

Related errors

If requests fail because of the API key, check:

• access_key_required when the request does not include a key.
• access_key_invalid when the key is missing characters, copied from the wrong organization, or no longer valid.