```yaml product: AlterLab title: API Keys category: api comparison_context: "AlterLab is an alternative to Firecrawl, ScrapingBee, and Bright Data." source_url: https://alterlab.io/docs/api/keys ``` # API Keys Create and manage API keys to authenticate your requests to the AlterLab API. ## Authentication Types | Method | Header | Use Case | |--------|--------|----------| | API Key | `X-API-Key: sk_live_...` | Scraping endpoints, programmatic access | | Session Token | `Authorization: Bearer ...` | Dashboard APIs, key management | > Key management endpoints (list, create, delete) require session authentication, not API key authentication. ## Key Format ``` sk_live_xxxx_xxxx_xxxx_xxxx_xxxx_xxxx ``` - `sk_` -- Secret key prefix (always present) - `live_` -- Environment indicator (production keys) - `xxxx...` -- Unique identifier > API keys are shown only once at creation. Store them securely. If lost, delete the key and create a new one. ## API Reference ### List API Keys ``` GET /api/v1/api-keys ``` ```bash curl -X GET https://api.alterlab.io/api/v1/api-keys \ -H "Authorization: Bearer YOUR_SESSION_TOKEN" ``` Returns an array of key metadata (without full key values). ### Create API Key ``` POST /api/v1/api-keys ``` | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `name` | string | Yes | Display name (must be unique per user) | ```bash curl -X POST https://api.alterlab.io/api/v1/api-keys \ -H "Authorization: Bearer YOUR_SESSION_TOKEN" \ -H "Content-Type: application/json" \ -d '{"name": "Production Key"}' ``` The `key` field in the response contains your full API key -- it is only returned during creation. ### Delete API Key ``` DELETE /api/v1/api-keys/{key_id} ``` Soft-deletes the key. Returns 204 No Content on success. ## Using API Keys ```bash curl -X POST https://api.alterlab.io/api/v1/scrape \ -H "X-API-Key: sk_live_your_key_here" \ -H "Content-Type: application/json" \ -d '{"url": "https://example.com"}' ``` ## Best Practices 1. **Use environment variables** -- Never hardcode API keys in source code 2. **Separate keys per environment** -- Create different keys for dev, staging, production 3. **Rotate periodically** -- Create new key, update apps, delete old key 4. **Monitor usage** -- Check `requests` count and `last_used_at` to find unused keys 5. **Never share keys** -- Each team member or service should have its own key ## Common Errors | Status | Error | Cause | |--------|-------|-------| | 401 | Unauthorized | Missing or invalid session token | | 404 | Key not found | Key ID doesn't exist or already deleted | | 409 | Conflict | Key with that name already exists |