
Authentication

All API requests require authentication using an API key passed in the Authorization header.

API Keys

API keys are created in your dashboard settings. Each key is associated with your team and has access to all team resources.

Creating an API Key

  1. Navigate to Settings > API Keys in the dashboard
  2. Click Create API Key
  3. Give your key a descriptive name (e.g., “Production Server”, “Development”)
  4. Copy the key immediately - it won’t be shown again

API keys provide full access to your account. Keep them secure and never expose them in client-side code.

Using Your API Key

Include your API key in the Authorization header as a Bearer token:
curl -X POST https://api.pictify.io/image \
  -H "Authorization: Bearer pk_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"html": "<h1>Hello</h1>"}'

SDK Configuration

import { Pictify } from '@pictify/sdk';

const pictify = new Pictify({
  apiKey: process.env.PICTIFY_API_KEY
});

API Key Types

| Prefix | Type | Environment |
| --- | --- | --- |
| pk_live_ | Production | Live API access |
| pk_test_ | Test | Sandbox environment |

Test keys work identically to production keys but are rate-limited and do not count against your quota.

Security Best Practices

Environment Variables

Never hardcode API keys. Use environment variables:
# .env
PICTIFY_API_KEY=pk_live_abc123...

Server-Side Only

API keys should only be used in server-side code. Never include them in:
  • Client-side JavaScript
  • Mobile apps
  • Public repositories
  • Browser localStorage/cookies
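
One way to enforce the environment-variable and server-side rules at process startup, as an added example that is not part of the Pictify SDK or its documentation. The helper names, the NODE_ENV policy and the redaction format are assumptions; only the PICTIFY_API_KEY variable and the pk_live_ / pk_test_ prefixes come from this page.

```javascript
// Added example, not Pictify SDK code. The prefixes and PICTIFY_API_KEY come from
// this page; the NODE_ENV policy and the redaction format are assumptions.
const KEY_PREFIXES = { pk_live_: 'production', pk_test_: 'test' };

function keyPrefix(key) {
  return Object.keys(KEY_PREFIXES).find((p) => key.startsWith(p)) || null;
}

// Log-safe form: the prefix plus the last 4 characters of longer keys.
function redactKey(key) {
  const prefix = keyPrefix(key) || '';
  const body = key.slice(prefix.length);
  return `${prefix}...${body.length > 8 ? body.slice(-4) : ''}`;
}

function loadPictifyKey(env = process.env, runtime = globalThis) {
  // Server-side only: refuse to load the key where browser globals exist.
  if (typeof runtime.window !== 'undefined' || typeof runtime.document !== 'undefined') {
    throw new Error('Pictify API key must not be loaded in client-side code');
  }
  const raw = env.PICTIFY_API_KEY;
  if (!raw) throw new Error('PICTIFY_API_KEY is not set');
  const key = raw.trim(); // stray whitespace from copy/paste would cause a 401
  if (/\s/.test(key)) throw new Error('PICTIFY_API_KEY contains whitespace');
  const prefix = keyPrefix(key);
  if (!prefix) throw new Error('PICTIFY_API_KEY has an unrecognized prefix');
  const kind = KEY_PREFIXES[prefix];
  // Assumed policy: a live key is accepted only when NODE_ENV is "production".
  if (kind === 'production' && env.NODE_ENV !== 'production') {
    throw new Error(`Refusing live key ${redactKey(key)} outside production`);
  }
  // Log `redacted`, never `key`.
  return { key, kind, redacted: redactKey(key) };
}

// Headers for a request, in the Bearer form shown under "Using Your API Key".
function authHeaders(key) {
  return { Authorization: `Bearer ${key}`, 'Content-Type': 'application/json' };
}
```

Call loadPictifyKey() once at startup so a missing, malformed or wrong-environment key stops the process before any request is sent.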

Key Rotation

If you suspect a key has been compromised:
  1. Create a new API key in the dashboard
  2. Update your application to use the new key
  3. Delete the compromised key

Least Privilege

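Create separate API keys for different environments and services, so that a compromised key can be rotated without interrupting the others. Each key still has access to all team resources, so separate keys limit the impact of a rotation rather than the scope of access: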
  • Production server
  • Staging server
  • CI/CD pipeline
  • Local development

Rate Limits

API requests are rate limited by API key:
| Plan | Requests per Minute | Requests per Day |
| --- | --- | --- |
| Free | 60 | 1,000 |
| Pro | 300 | 10,000 |
| Business | 1,000 | 100,000 |
| Enterprise | Custom | Custom |

Rate limit headers are included in every response:
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 299
X-RateLimit-Reset: 1706515260
When rate limited, you’ll receive a 429 Too Many Requests response with a Retry-After header:
{
  "type": "https://docs.pictify.io/errors/rate-limit",
  "title": "Rate Limit Exceeded",
  "status": 429,
  "detail": "You have exceeded the rate limit. Please retry after 60 seconds.",
  "instance": "/image"
}

Team API Keys

API keys are scoped to your team. All team members share access to the same API keys and resources. To manage team members:
  1. Go to Settings > Team
  2. Invite members by email
  3. Assign roles (Admin, Editor, Viewer)
Only Admins can create, view, and delete API keys.

Troubleshooting

Invalid API Key

{
  "type": "https://docs.pictify.io/errors/invalid-api-key",
  "title": "Invalid API Key",
  "status": 401,
  "detail": "The provided API key is invalid or has been revoked."
}
Solutions:
  • Verify the key is copied correctly (no extra spaces)
  • Check if the key has been deleted in the dashboard
  • Ensure you’re using the correct environment (test vs production)

Missing Authorization Header

{
  "type": "https://docs.pictify.io/errors/missing-auth",
  "title": "Missing Authentication",
  "status": 401,
  "detail": "No API key provided. Include your API key in the Authorization header."
}
Solutions:
  • Add the Authorization: Bearer {api_key} header
  • Check for typos in the header name