API Key Authentication
All Snipp API endpoints require authentication. Include your API key in theapi-key header with every request.
Where to Find Your API Key
- Sign in to your account.
- Go to Settings.
- Copy your API key from the API section.
Examples
API Key Permissions
Not all API keys have the same permissions. Each key clearly indicates whether upload access is enabled:
You can check your key’s permissions by calling
GET /users/@me and reviewing the keyHasUploadsAccess field.
Team Access Keys
Teams (an Enterprise feature) each have a dedicated access key. A team key works exactly like a personal API key (pass it in theapi-key header), but uploads made with it go to the team’s shared gallery instead of a personal account.
- Files are stored in the team gallery, not a personal gallery.
- Uploads count against the team’s weekly quota, never a member’s personal quota.
- Team-key uploads are always created private, regardless of the
post-privacyheader. You can change a post to unlisted afterward; team posts are never public. - Only the team owner can regenerate or delete the key, from the team’s settings page.
Security Best Practices
- Never expose your API key in client-side code, public repositories, or shared documents.
- Use environment variables in production (for example,
process.env.SNIPP_API_KEY). - Rotate your key immediately if you suspect it has been compromised. You can regenerate it from your account settings.
- Limit upload access if your integration only needs read access.
Error Responses
All errors return a JSON object with an
error field describing the issue.
