Authentication
The Snip URL API uses API keys for authentication. Every request to a /api/v1/ endpoint must include a valid API key.
How It Works
API keys are passed via the Authorization header using the Bearer scheme:
Authorization: Bearer snip_live_your_key_hereCreating API Keys
From the Dashboard
- Go to snipurl.click/dashboard/api-keys
- Click “Create Key”
- Enter a descriptive name (e.g., “Production Server”, “CI/CD Pipeline”)
- Choose an expiration (optional): never, 30 days, 90 days, or 1 year
- Click Create
- Copy the key immediately — it is shown only once
Key Format
All Snip URL API keys follow this format:
snip_live_<32 random alphanumeric characters>Example: snip_live_a8Kx2mNq9pR4sT7wB1cD3eF5gH6jL0vXy
The snip_live_ prefix makes it easy to identify Snip URL keys in your code and environment variables.
Key Limits
| Constraint | Value |
|---|---|
| Maximum active keys per account | 10 |
| Key length | ~42 characters |
| Expiration options | Never, 30d, 90d, 1y |
Using Your API Key
curl
curl -H "Authorization: Bearer snip_live_your_key_here" \
https://snipurl.click/api/v1/linksJavaScript / TypeScript
const SNIPURL_API_KEY = process.env.SNIPURL_API_KEY;
async function snipurlRequest(endpoint, options = {}) {
const response = await fetch(`https://snipurl.click/api/v1${endpoint}`, {
...options,
headers: {
'Authorization': `Bearer ${SNIPURL_API_KEY}`,
'Content-Type': 'application/json',
...options.headers,
},
});
if (!response.ok) {
const error = await response.json();
throw new Error(error.error?.message || 'API request failed');
}
return response.json();
}
// Usage
const links = await snipurlRequest('/links?page=1&per_page=20');Python
import os
import requests
API_KEY = os.environ['SNIPURL_API_KEY']
BASE_URL = 'https://snipurl.click/api/v1'
def snipurl_request(endpoint, method='GET', json=None):
headers = {
'Authorization': f'Bearer {API_KEY}',
'Content-Type': 'application/json',
}
response = requests.request(
method,
f'{BASE_URL}{endpoint}',
headers=headers,
json=json,
)
response.raise_for_status()
return response.json()
# Usage
links = snipurl_request('/links?page=1&per_page=20')Security Best Practices
Do
- Store API keys in environment variables, never in source code
- Use different keys for development and production
- Set expiration dates on keys that don’t need permanent access
- Revoke keys immediately if they are compromised
- Use descriptive names to track which key is used where
Don’t
- Commit API keys to version control (git)
- Share keys across multiple applications
- Log full API keys in application logs
- Expose keys in client-side JavaScript (browser)
Environment Variable Example
# .env (DO NOT commit this file)
SNIPURL_API_KEY=snip_live_a8Kx2mNq9pR4sT7wB1cD3eF5gH6jL0v// Safe: reads from environment
const apiKey = process.env.SNIPURL_API_KEY;Revoking Keys
If a key is compromised or no longer needed:
- Go to snipurl.click/dashboard/api-keys
- Find the key by its name and prefix
- Click Revoke
- Confirm the revocation
Revoked keys immediately stop working. Any requests using a revoked key will receive a 401 Unauthorized response.
Authentication Errors
| HTTP Status | Error Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Missing or invalid API key |
| 401 | KEY_EXPIRED | API key has passed its expiration date |
| 401 | KEY_REVOKED | API key has been revoked |
Example error response:
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid API key."
}
}Last updated on