Skip to content

API keys

API keys let a script or integration call the AzScraper API without logging in with a password. Each key is scoped to one project and carries that project's organization access. Manage keys in the dashboard under a project's API keys tab, or via the API routes below.

Treat keys like passwords

A key's secret is shown once at creation. Store it in a secret manager or env var. Anyone with the key can spend your credits. Revoke leaked keys immediately.

Using a key

Send the key as a Bearer token, exactly like a JWT access token:

curl -sS "https://api.azscraper.com/projects/$PROJECT_ID/jobs" \
  -H "Authorization: Bearer $AZSCRAPER_API_KEY"

A key authenticates as the user who created it, but is locked to the key's project.

Manage keys

Replace https://api.azscraper.com with your deployment's base URL if self-hosting. All routes require a logged-in JWT (you manage keys from the dashboard session, not with another key).

List keys

GET /private/projects/{projectId}/api-keys

curl -sS "$API_BASE/private/projects/$PROJECT_ID/api-keys" \
  -H "Authorization: Bearer $TOKEN"
{
  "data": [
    {
      "id": "67e0...",
      "name": "ci-pipeline",
      "keyHint": "a1b2",
      "createdAt": "2026-06-01T09:00:00.000Z",
      "lastUsedAt": "2026-06-01T10:00:00.000Z"
    }
  ]
}

keyHint is the last 4 characters of the key, safe to display. The full key is never returned again after creation.

Create a key

POST /private/projects/{projectId}/api-keys — Body: { "name": "ci-pipeline" }

curl -sS -X POST "$API_BASE/private/projects/$PROJECT_ID/api-keys" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"name":"ci-pipeline"}'
{
  "data": {
    "id": "67e0...",
    "name": "ci-pipeline",
    "key": "<full-key-shown-once>",
    "createdAt": "2026-06-01T09:00:00.000Z"
  }
}

The key field is returned only on this response. Copy it now — it cannot be retrieved again.

Rename a key

PATCH /private/projects/{projectId}/api-keys/{id} — Body: { "name": "new-name" }{ "success": true }

Revoke a key

DELETE /private/projects/{projectId}/api-keys/{id}{ "success": true }

Revoked keys stop working immediately.