Authentication

How to authenticate your API requests using API keys.

All Crawly API endpoints require authentication. You authenticate by sending your API key in the Authorization header as a Bearer token. API keys start with the cr_ prefix and are created for free from your dashboard.

Each key is tied to your account and tracks credit usage independently. You can create multiple keys for different projects or environments and set per-key credit limits to control spending.

Using Your API Key

Include your API key in the Authorization header as a Bearer token with every request:

bash
curl -X POST https://api.crawly.bikal.co/v1/scrape \
  -H "Authorization: Bearer cr_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Creating API Keys

You can create as many API keys as you need. Each key is shown only once at creation time, so make sure to copy it immediately.

  1. Sign up or sign in at crawly.bikal.co (free, no credit card required)
  2. Navigate to API Keys in the dashboard
  3. Click Create Key and give it a descriptive name (e.g. "production" or "dev")
  4. Copy the key immediately. It starts with cr_ and is only shown once

Key Format

Crawly API keys follow this format:

text
cr_abc123def456...

The cr_ prefix identifies the key as a Crawly key. The rest is a unique, randomly generated string. If a key does not start with cr_, it will be rejected.

Key Security

Crawly takes API key security seriously. Here is how keys are handled:

  • Keys are hashed with SHA-256 before storage. We never store your raw key.
  • Keys are shown only once at creation time. If you lose a key, create a new one.
  • You can set a credit limit per key to control spending on individual keys.
  • Deactivate compromised keys immediately from the dashboard.
  • Never expose keys in client-side code, Git repos, or public URLs.
  • Use environment variables (CRAWLY_API_KEY) in your applications.

Error Responses

If authentication fails, the API returns one of these error responses:

StatusTypeDescription
401AUTH_ERRORMissing, empty, or invalid API key
402CREDITS_EXHAUSTEDYour credit balance is insufficient for this request
429RATE_LIMITEDRate limit exceeded (120 requests per minute)

Example error response:

json
{
  "success": false,
  "error": "Missing API key. Use Authorization: Bearer <key>",
  "error_type": "AUTH_ERROR"
}

Common Questions

How much does an API key cost?

API keys are free. You sign up, create a key, and get 100 free credits to start. No credit card required.

Can I have multiple API keys?

Yes. Create as many keys as you need for different projects, environments, or team members. Each key tracks usage independently.

What happens if my key is compromised?

Go to the API Keys dashboard and deactivate the compromised key immediately. Then create a new one. Deactivated keys stop working instantly.

Next:Quick Start Guide →