API Keys
Create, store, rotate, and use ScreenFramed API keys safely.
Create API keys from Dashboard > API Keys. Keys are shown once at creation time.
Recommended key setup
| Use case | Key type | Notes |
|---|---|---|
| Production backend | Live key | Store in your app secret manager. |
| CI screenshot refresh | Live or test key | Use live when the output is published; test when validating request shape. |
| Local development | CLI login or test key | Prefer screenframed login for local work. |
| Customer-facing browser | Signed URL | Never ship raw API keys to clients. |
Store a key locally
bashexport SCREENFRAMED_API_KEY="sf_live_..."
For long-lived local configuration:
bashscreenframed loginscreenframed status
Rotate a key
1
Create the replacement key
Add a new key in the dashboard and deploy it to the target environment.
2
Confirm the new key is used
Call /v1/usage or run a low-cost test capture.
3
Revoke the old key
Delete or revoke the old key after all workers, CI jobs, and local scripts have moved over.
Key safety checklist
Key safety
Prefer bearer headers
Use bearer headers instead of query-string keys.
Separate environments
Use separate keys per environment and automation surface.
Keep keys server-side
Do not put API keys in frontend bundles.
Use signed URLs for browsers
Use signed URLs for browser-triggered renders.
Rotate when access changes
Rotate keys when a teammate leaves or a CI environment changes.
All steps complete