API Key Management
API keys authenticate your applications with the Pictify API. This guide covers creating, managing, and securing your keys.
Creating an API Key
- Go to Settings > API Keys
- Click Create Key
- Enter a descriptive name (e.g., “Production Server”, “CI/CD Pipeline”)
- Click Create
- Copy the key immediately - it’s only shown once
Store your API key securely. You won’t be able to see it again after leaving this page.
Key Types
Live Keys
- Prefix:
pk_live_
- Full API access
- Usage counts against your plan
- Use in production
Test Keys
- Prefix:
pk_test_
- Limited to 100 renders/day
- Renders are watermarked
- Use for development and testing
Viewing Keys
The API Keys page shows:
| Column | Description |
|---|
| Name | Your key description |
| Key ID | Public identifier (e.g., key_abc123) |
| Type | Live or Test |
| Created | Creation date |
| Last Used | Most recent API call |
| Status | Active or Revoked |
For security, only the Key ID is displayed. The full key value is only shown at creation.
Managing Keys
Rename a Key
- Click the … menu on a key
- Select Rename
- Enter the new name
- Click Save
Revoke a Key
Revoking a key immediately invalidates it:
- Click the … menu on a key
- Select Revoke
- Confirm the action
Revoking a key is immediate and permanent. Any applications using this key will stop working.
Delete a Key
Remove a key from your account:
- Click the … menu on a key
- Select Delete
- Confirm deletion
Only revoked keys can be deleted.
Key Limits
| Plan | Live Keys | Test Keys |
|---|
| Free | 2 | 5 |
| Pro | 10 | 10 |
| Business | 50 | 50 |
| Enterprise | Unlimited | Unlimited |
Usage Tracking
Per-Key Usage
View usage for each key:
- Click a key to expand details
- See requests in the last 24h, 7d, 30d
- View error rates and latency
Usage Alerts
Set up alerts for unusual activity:
- Go to Settings > Alerts
- Click Add Alert
- Configure conditions:
- Requests exceed threshold
- Error rate above percentage
- Latency above threshold
- Choose notification method (email, Slack, webhook)
Security Best Practices
Use Descriptive Names
Name keys by their purpose:
✅ "Production API Server"
✅ "Staging Environment"
✅ "GitHub Actions CI"
❌ "Key 1"
❌ "Test"
Rotate Keys Regularly
Schedule regular key rotation:
- Create a new key
- Update your application
- Verify the new key works
- Revoke the old key
Use Test Keys for Development
Never use live keys in development:
# Development
PICTIFY_API_KEY=pk_test_...
# Production
PICTIFY_API_KEY=pk_live_...
Monitor for Misuse
Watch for signs of compromised keys:
- Unexpected usage spikes
- Requests from unknown IPs
- Unusual error patterns
Principle of Least Privilege
Create separate keys for different services:
| Service | Key | Access |
|---|
| Web App | prod-webapp | Full access |
| Mobile App | prod-mobile | Full access |
| Analytics | prod-analytics | Read-only |
| CI/CD | ci-pipeline | Test key |
Environment-Specific Keys
Development
Use test keys with a local .env:
# .env.local
PICTIFY_API_KEY=pk_test_development_key
Staging
Use test keys for staging environments:
# staging.env
PICTIFY_API_KEY=pk_test_staging_key
Production
Use live keys, stored securely:
# Set via secrets manager, not in files
PICTIFY_API_KEY=pk_live_production_key
Troubleshooting
”Invalid API Key” Error
- Verify the key is correct (no extra spaces)
- Check the key hasn’t been revoked
- Ensure you’re using the right key type (live vs test)
Key Not Working After Creation
- Wait a few seconds - propagation takes up to 30 seconds
- Verify you copied the full key
- Check for encoding issues if copying from another source
Usage Not Updating
Usage statistics may have up to 5 minutes delay. Real-time usage is available in the API response headers.
API Key API
Manage keys programmatically with the API Keys API:
# List keys
curl https://api.pictify.io/api-keys \
-H "Authorization: Bearer $ADMIN_KEY"
# Create key
curl -X POST https://api.pictify.io/api-keys \
-H "Authorization: Bearer $ADMIN_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "New Production Key", "type": "live"}'
API key management requires an admin-level key with key management permissions.
