API Keys
Endpoints for creating, listing, and revoking API keys.
API key management endpoints require session authentication (cookies from the dashboard), not API key authentication. These are intended for use from the web dashboard or server-side applications that manage keys on behalf of users.
List API Keys
GET /api/v1/api-keysReturns all active (non-revoked) API keys for the authenticated user, ordered by creation date (newest first).
Response
[
{
"id": "clx1abc2d3e4f5g6h7i8j9k0",
"name": "Production",
"keyPrefix": "sk_live_abc1",
"lastUsedAt": "2026-03-24T15:30:00.000Z",
"createdAt": "2026-03-24T12:00:00.000Z"
},
{
"id": "clx2def3g4h5i6j7k8l9m0n1",
"name": "Staging",
"keyPrefix": "sk_live_def2",
"lastUsedAt": null,
"createdAt": "2026-03-20T09:00:00.000Z"
}
]Example
curl "https://screenshotapi.to/api/v1/api-keys" \
--cookie "session=your_session_cookie"const response = await fetch('https://screenshotapi.to/api/v1/api-keys', {
credentials: 'include'
})
const keys = await response.json()
keys.forEach(key => {
console.log(`${key.name}: ${key.keyPrefix}...`)
})import requests
response = requests.get(
"https://screenshotapi.to/api/v1/api-keys",
cookies={"session": "your_session_cookie"}
)
for key in response.json():
print(f"{key['name']}: {key['keyPrefix']}...")Create API Key
POST /api/v1/api-keysCreates a new API key. The full key is returned only in this response — store it securely.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Human-readable name for the key (1–100 characters) |
Response
{
"id": "clx1abc2d3e4f5g6h7i8j9k0",
"name": "Production",
"key": "sk_live_your_new_api_key_shown_once",
"keyPrefix": "sk_live_abc1",
"createdAt": "2026-03-24T12:00:00.000Z"
}The key field contains the full API key. Copy it immediately. It cannot be retrieved again — we only store a cryptographic hash.
Example
curl -X POST "https://screenshotapi.to/api/v1/api-keys" \
-H "Content-Type: application/json" \
-d '{"name": "Production"}' \
--cookie "session=your_session_cookie"const response = await fetch('https://screenshotapi.to/api/v1/api-keys', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
credentials: 'include',
body: JSON.stringify({ name: 'Production' })
})
const { key } = await response.json()
// Store this key securely — it won't be shown again
console.log(`New API key: ${key}`)import requests
response = requests.post(
"https://screenshotapi.to/api/v1/api-keys",
json={"name": "Production"},
cookies={"session": "your_session_cookie"}
)
data = response.json()
# Store this key securely — it won't be shown again
print(f"New API key: {data['key']}")Revoke API Key
DELETE /api/v1/api-keys/:idRevokes an API key. The key stops working immediately. Revoked keys are soft-deleted and do not appear in the list endpoint.
URL Parameters
| Parameter | Type | Description |
|---|---|---|
id | string | The API key ID (from the create or list response) |
Response
{
"success": true
}Error Responses
| Status | Body | Description |
|---|---|---|
404 | {"error": "API key not found"} | Key doesn't exist or doesn't belong to you |
Example
curl -X DELETE "https://screenshotapi.to/api/v1/api-keys/clx1abc2d3e4f5g6h7i8j9k0" \
--cookie "session=your_session_cookie"const keyId = 'clx1abc2d3e4f5g6h7i8j9k0'
const response = await fetch(
`https://screenshotapi.to/api/v1/api-keys/${keyId}`,
{
method: 'DELETE',
credentials: 'include'
}
)
if (response.ok) {
console.log('API key revoked successfully')
}import requests
key_id = "clx1abc2d3e4f5g6h7i8j9k0"
response = requests.delete(
f"https://screenshotapi.to/api/v1/api-keys/{key_id}",
cookies={"session": "your_session_cookie"}
)
if response.ok:
print("API key revoked successfully")