Authentication

Browser7 uses API key authentication with Bearer tokens. All API requests must include a valid API key in the Authorization header.

API Keys

API keys are used to authenticate requests to the Browser7 API. Each key is associated with your account and tracks usage for billing purposes.

Key Format

Browser7 API keys use the prefix b7_ followed by an alphanumeric string:

b7_1234567890abcdefghijklmnop

Getting Your API Key

Your API key is automatically generated when you create your Browser7 account. To access it:

Log in to the Dashboard
Navigate to API Keys in the sidebar
Copy your API key

How Authentication Works

Browser7 uses Bearer token authentication. Include your API key in the Authorization header of every request:

Authorization: Bearer b7_your_api_key_here

Raw API Example

Here's how to authenticate a raw HTTP request using curl:

curl -X POST https://api.browser7.com/v1/renders \
  -H "Authorization: Bearer b7_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Using SDKs (Recommended)

The Browser7 SDKs handle authentication automatically. Simply pass your API key when creating the client:

Node.js

const Browser7 = require('browser7');

const client = new Browser7({
  apiKey: 'b7_your_api_key_here'
});

// Authentication is handled automatically in all requests
const result = await client.render('https://example.com');

Python

from browser7 import Browser7

client = Browser7(api_key='b7_your_api_key_here')

# Authentication is handled automatically in all requests
result = client.render('https://example.com')

PHP

use Browser7\Browser7Client;

$client = new Browser7Client('b7_your_api_key_here');

// Authentication is handled automatically in all requests
$result = $client->render('https://example.com');

Authentication Errors

401 Unauthorized

Returned when the API key is missing, invalid, or revoked:

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

Common causes:

API key not included in request
Malformed Authorization header
Typo in the API key
Using an API key from a different environment

Solution: Verify your API key in the Dashboard and ensure it's correctly set in your environment variables.

402 Payment Required

Returned when your account has insufficient balance:

{
  "error": "Insufficient Balance",
  "message": "Your account balance is insufficient to complete this request"
}

Check your balance at the Dashboard or programmatically using the account balance endpoint.

Security Best Practices

Keep Your API Key Secret

❌ Never commit API keys to version control (Git, SVN, etc.)
❌ Never expose API keys in client-side code (browsers, mobile apps)
❌ Never share API keys in public forums, screenshots, or logs
✅ Always use environment variables or secrets management
✅ Always restrict API key access to authorized team members only

Use Environment Variables

Store your API key in environment variables, not in your source code:

Node.js:

# .env file (add to .gitignore!)
BROWSER7_API_KEY=b7_your_api_key_here

// Load from environment
require('dotenv').config();
const Browser7 = require('browser7');

const client = new Browser7({
  apiKey: process.env.BROWSER7_API_KEY
});

Python:

# .env file (add to .gitignore!)
BROWSER7_API_KEY=b7_your_api_key_here

# Load from environment
import os
from browser7 import Browser7

client = Browser7(api_key=os.environ['BROWSER7_API_KEY'])

PHP:

# .env file (add to .gitignore!)
BROWSER7_API_KEY=b7_your_api_key_here

// Load from environment (using vlucas/phpdotenv)
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__);
$dotenv->load();

$client = new Browser7Client($_ENV['BROWSER7_API_KEY']);

Use Different Keys for Different Environments

If you have separate Browser7 accounts for development, staging, and production, use their respective API keys in each environment. This allows you to:

Track usage separately
Test without affecting production quotas
Isolate issues to specific environments

Monitor Usage

Regularly check your API usage in the Dashboard to:

Detect unexpected usage patterns
Identify potential security issues
Track costs across projects

Rate Limits

API keys are subject to rate limits based on your plan. See Rate Limits for details.

Next Steps

Data Centers - Choose the right API endpoint
Create Render - Start making API calls
Error Handling - Handle authentication errors gracefully

API Keys​

Key Format​

Getting Your API Key​

How Authentication Works​

Raw API Example​

Using SDKs (Recommended)​

Node.js​

Python​

PHP​

Authentication Errors​

401 Unauthorized​

402 Payment Required​

Security Best Practices​

Keep Your API Key Secret​

Use Environment Variables​

Use Different Keys for Different Environments​

Monitor Usage​

Rate Limits​

Next Steps​