Guides

Authentication

How to authenticate with the Bytekit API using API keys.

Bytekit authenticates requests with Bearer API keys. Every request to a capture or data endpoint must include an Authorization header.

API key format

Keys are prefixed to make them easy to identify:

PrefixEnvironment
sk_test_Staging (api-stg.bytekit.com)
sk_live_Production (api.bytekit.com)

Never use a staging key against the production endpoint or vice versa — it will be rejected with 401 unauthorized.

Sending the Bearer header

Include the key in every request:

curl -X POST https://api.bytekit.com/v1/scrape \
  -H "Authorization: Bearer sk_live_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

The key is stored as a SHA-256 hash on the server. The plaintext value is only ever visible once — at creation time.

Managing API keys

You can create and manage up to 50 active keys per account through the self-serve API.

Create a key

curl -X POST https://api.bytekit.com/v1/account/api-keys \
  -H "Authorization: Bearer sk_live_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{"name": "CI pipeline key"}'

The response includes the plaintext key field exactly once. Store it immediately — it cannot be retrieved again.

{
  "id": "ak_...",
  "name": "CI pipeline key",
  "key": "sk_live_...",
  "created_at": "2026-01-01T00:00:00Z"
}

List keys

curl https://api.bytekit.com/v1/account/api-keys \
  -H "Authorization: Bearer sk_live_YOUR_KEY_HERE"

The list response omits the plaintext key — only the id, name, and metadata are returned.

Update a key

curl -X PATCH https://api.bytekit.com/v1/account/api-keys/ak_... \
  -H "Authorization: Bearer sk_live_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{"name": "Renamed key"}'

Revoke a key

curl -X DELETE https://api.bytekit.com/v1/account/api-keys/ak_... \
  -H "Authorization: Bearer sk_live_YOUR_KEY_HERE"

DELETE is idempotent — revoking an already-revoked key returns 204 No Content.

Key limits

  • Maximum 50 active keys per account.
  • Attempting to create a 51st active key returns 409 with error code api_key_limit_reached. Revoke an existing key before creating a new one.
  • Revoked keys do not count toward the limit.

Next steps

Go SDK

An official Go client for Bytekit is on the way.

Scraping

How Bytekit's fast-path and slow-path scrape pipelines work, and when each is used.

On this page

API key formatSending the Bearer headerManaging API keysCreate a keyList keysUpdate a keyRevoke a keyKey limitsNext steps