Authentication
Secure your API requests with Scrpy's authentication system. Learn about API keys, security best practices, and access management.
API Keys
All API requests require authentication using an API key. Include your key in the Authorization header:
bash
Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxxxxxxKey Types
Live Keys (sk_live_)
Production keys for live applications. All requests count against your monthly quota.
Test Keys (sk_test_)
Sandbox keys for development. Requests don't count against quota but have limited functionality.
Example Requests
bash
curl -X POST https://api.scrpy.co/v1/scrape \
-H #a5d6ff;">"Authorization: Bearer sk_live_xxxxx" \
-H #a5d6ff;">"Content-Type: application/json" \
-d #a5d6ff;">'{"url": "https://example.com"}'python
import os
from scrpy import Scrpy
client = Scrpy(api_key=os.environ[#a5d6ff;">"SCRPY_API_KEY"])
result = client.scrape(#a5d6ff;">"https://example.com")javascript
import Scrpy from 'scrpy';
const client = new Scrpy(process.env.SCRPY_API_KEY);
const result = await client.scrape('https://example.com');Security Best Practices
Use Environment Variables
Never hardcode API keys. Store them in environment variables or a secrets manager.
Rotate Keys Regularly
Generate new keys periodically and revoke old ones to minimize risk.
Use Separate Keys
Create different keys for development, staging, and production environments.
Never Expose in Client-Side Code
API keys should only be used server-side. Never include them in browser JavaScript.
Authentication Errors
| Status Code | Error | Description |
|---|---|---|
401 | Unauthorized | Missing or invalid API key |
403 | Forbidden | API key doesn't have permission |
429 | Rate Limited | Too many requests |