Skip to main content

Authentication Methods

Snip API supports two authentication methods:

API Key

Recommended for server-to-server API access

Bearer Token (JWT)

Used for web application authentication

API Key Authentication

The recommended method for API access. Include your API key in the request header: 
X-API-Key: your_api_key_here

Getting Your API Key

1

Login

Log in to your account at snip.sa
2

Navigate to Profile

Go to ProfileAPI Keys section
3

Generate Key

Click “Regenerate API Key” to generate a new key
4

Store Securely

Copy and securely store your API key

Example Request

curl -X GET https://snip.sa/api/urls \
  -H "X-API-Key: your_api_key_here"

Bearer Token Authentication

Used for web applications. Include your JWT token in the Authorization header: 
Authorization: Bearer your_jwt_token_here

Getting a JWT Token

Authenticate with your credentials to receive a JWT token: 
curl -X POST https://snip.sa/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your_password"
  }'

Using the JWT Token

curl -X GET https://snip.sa/api/urls \
  -H "Authorization: Bearer your_jwt_token_here"

Security Best Practices

  • Never commit API keys to version control
  • Use environment variables to store keys
  • Rotate keys regularly
  • Never share keys publicly
  • Never expose API keys in client-side code
  • Use server-side proxies for client applications
  • Implement proper CORS policies
  • Regenerate keys if compromised
  • Update all applications using the old key
  • Previous keys are immediately invalidated
  • Track API usage in your dashboard
  • Set up alerts for unusual activity
  • Review access logs regularly

Managing API Keys

Regenerate API Key

Regenerating your API key will immediately invalidate the previous key. Update all applications using the old key.
curl -X POST https://snip.sa/api/auth/regenerate-api-key \
  -H "Authorization: Bearer your_jwt_token_here"

Get Current API Key

curl -X GET https://snip.sa/api/auth/api-key \
  -H "Authorization: Bearer your_jwt_token_here"

Authentication Errors

Status CodeErrorDescription
401UnauthorizedInvalid or missing API key/token
403ForbiddenValid credentials but insufficient permissions

Example Error Response

{
  "success": false,
  "message": "Invalid API key"
}

Environment Variables

Store your credentials securely using environment variables: 
SNIP_API_KEY=your_api_key_here
SNIP_BASE_URL=https://snip.sa/api