Skip to content

Authentication

Fresh 🌱

All Firecrawl API requests require Bearer token authentication.

Getting Your API Key

  1. Go to Firecrawl Dashboard
  2. Click "Create New API Key"
  3. Copy your key (starts with fc-)
  4. Keep it secure (treat like a password)

Using Your API Key

cURL

bash
curl -X POST 'https://api.firecrawl.dev/v2/scrape' \
  -H 'Authorization: Bearer fc-YOUR-API-KEY' \
  -H 'Content-Type: application/json' \
  -d '{"url": "https://example.com"}'

Python

python
from firecrawl import Firecrawl

firecrawl = Firecrawl(api_key="fc-YOUR-API-KEY")
result = firecrawl.scrape("https://example.com")

Node.js

javascript
import Firecrawl from '@mendable/firecrawl-js';

const firecrawl = new Firecrawl({ apiKey: 'fc-YOUR-API-KEY' });
const result = await firecrawl.scrape('https://example.com');

Security Best Practices

🔒 NEVER

  • Commit API keys to version control
  • Share keys in chat or emails
  • Use in client-side code (frontend)
  • Expose in logs or error messages
  1. Use Environment Variables

    bash
    export FIRECRAWL_API_KEY="fc-YOUR-API-KEY"
  2. Use Secret Management

    • GitHub Secrets
    • AWS Secrets Manager
    • Vercel Environment Variables
    • HashiCorp Vault
  3. Rotate Keys Regularly

    • Generate new keys
    • Revoke old keys
    • Update in deployment
  4. Monitor Usage

    • Check logs regularly
    • Set up alerts
    • Review credit usage

API Key Management

View Your Keys

Dashboard → API Keys → List all active keys

Revoke a Key

Dashboard → API Keys → Click "Revoke" on the key to disable it immediately

Rate Limits

Error Responses

401 Unauthorized

json
{
  "error": "Invalid API key"
}

Solution: Check your API key is correct and not revoked

403 Forbidden

json
{
  "error": "Insufficient credits"
}

Solution: Check your credit balance or upgrade plan

429 Too Many Requests

json
{
  "error": "Rate limit exceeded"
}

Solution: Wait before retrying or upgrade plan


Next: Learn about features →