Skip to main content

API Key Authentication

All Snipp API endpoints require authentication. Include your API key in the api-key header with every request.

Where to Find Your API Key

  1. Sign in to your account.
  2. Go to Settings.
  3. Copy your API key from the API section.

Examples

API Key Permissions

Not all API keys have the same permissions. Each key clearly indicates whether upload access is enabled: You can check your key’s permissions by calling GET /users/@me and reviewing the keyHasUploadsAccess field.

Team Access Keys

Teams (an Enterprise feature) each have a dedicated access key. A team key works exactly like a personal API key (pass it in the api-key header), but uploads made with it go to the team’s shared gallery instead of a personal account.
Key differences when uploading with a team key:
  • Files are stored in the team gallery, not a personal gallery.
  • Uploads count against the team’s weekly quota, never a member’s personal quota.
  • Team-key uploads are always created private, regardless of the post-privacy header. You can change a post to unlisted afterward; team posts are never public.
  • Only the team owner can regenerate or delete the key, from the team’s settings page.
Anyone who holds a team key can upload with it, so treat it like any other credential and share it only with trusted team members.

Security Best Practices

  • Never expose your API key in client-side code, public repositories, or shared documents.
  • Use environment variables in production (for example, process.env.SNIPP_API_KEY).
  • Rotate your key immediately if you suspect it has been compromised. You can regenerate it from your account settings.
  • Limit upload access if your integration only needs read access.

Error Responses

All errors return a JSON object with an error field describing the issue.