> ## Documentation Index
> Fetch the complete documentation index at: https://docs.screenshotly.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate your API requests

# Authentication

Screenshotly uses API tokens for authentication. Each request to the API must include your token in the Authorization header.

## Getting Your API Token

1. Sign in to your [Screenshotly Dashboard](https://screenshotly.app/dashboard)
2. Navigate to the [API Tokens](https://screenshotly.app/dashboard/tokens) page
3. Click "Generate New Token"
4. Give your token a descriptive name (e.g., "Development", "Production")
5. Copy your token immediately - you won't be able to see it again!

## Using Your Token

Include your API token in the `Authorization` header with the `Bearer` scheme:

```bash theme={null}
Authorization: Bearer YOUR_API_TOKEN
```

Example request:

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://api.screenshotly.app/screenshot \
    -H "Authorization: Bearer YOUR_API_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
      "url": "https://example.com"
    }'
  ```

  ```typescript TypeScript theme={null}
  const response = await fetch('https://api.screenshotly.app/screenshot', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${API_TOKEN}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      url: 'https://example.com',
    }),
  });
  ```

  ```python Python theme={null}
  import requests

  response = requests.post(
      'https://api.screenshotly.app/screenshot',
      headers={
          'Authorization': f'Bearer {API_TOKEN}',
      },
      json={
          'url': 'https://example.com',
      },
  )
  ```
</CodeGroup>

## Token Security

Follow these best practices to keep your tokens secure:

* Never share your API tokens or commit them to version control
* Use different tokens for development and production environments
* Set appropriate expiration dates for your tokens
* Store tokens securely in environment variables
* Revoke compromised tokens immediately through the dashboard

## Rate Limits

Rate limits are applied per token and vary by plan:

<CardGroup>
  <Card title="Free" icon="sparkles">
    * 500 requests per day
    * 2 concurrent requests
    * 10MB max file size
  </Card>

  <Card title="Pro" icon="rocket">
    * 5,000 requests per day
    * 5 concurrent requests
    * 20MB max file size
  </Card>
</CardGroup>

### Rate Limit Headers

The API includes rate limit information in the response headers:

```bash theme={null}
X-RateLimit-Limit: 500
X-RateLimit-Remaining: 495
X-RateLimit-Reset: 1635724800
```

### Rate Limit Errors

When you exceed your rate limit, the API will return a `429 Too Many Requests` response:

```json theme={null}
{
  "error": "Rate limit exceeded",
  "reset": 1635724800
}
```

## Token Management

Manage your tokens through the [dashboard](https://screenshotly.app/dashboard/tokens):

* Generate new tokens
* View active tokens
* Monitor token usage
* Revoke tokens
* Set expiration dates

## Next Steps

* Learn how to [capture screenshots](/api/screenshots)
* Explore [mockup options](/guides/using-mockups)
* Check out our [best practices](/guides/best-practices)
