Docs menu

Crawlora Docs

Authentication

Crawlora production endpoints use API-key authentication. Keep keys out of browser code, send them from your server, and rotate keys if they are exposed.

Open API Keys Quickstart

API-key authentication

The generated endpoint metadata uses the x-api-key header for API-key routes. Do not use client-side JavaScript to call Crawlora directly with this key.

x-api-key: $CRAWLORA_API_KEY

Example authenticated request

Authenticated examples

Use environment variables for secrets and keep Crawlora API keys server-side.

curl -X POST "https://api.crawlora.net/api/v1/google/search" \
  -H "x-api-key: $CRAWLORA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"country":"us","keyword":"chatgpt","language":"en","limit":10,"page":1}'

Store API keys safely

Use environment variables or a secret manager
Do not commit API keys
Do not expose keys in frontend or browser code
Rotate keys if leaked
Restrict internal access to production keys
Use separate keys for local, staging, and production when supported

Server-side usage

Frontend apps should call your backend, and your backend should call Crawlora. This keeps Crawlora API keys out of browser bundles, logs, and third-party extensions.

Browser -> Your backend route -> Crawlora API

Your backend adds:
x-api-key: process.env.CRAWLORA_API_KEY

Common authentication errors

Exact error bodies can vary by endpoint. Check the response body and endpoint docs for request context.

Case	Typical status	Action
Missing API key	401	Add the x-api-key header from a server-side environment variable.
Invalid API key	401	Confirm the key value, status, and environment.
Plan or permission issue	403	Check plan access, endpoint permissions, and billing state.
Rate or quota limit	429	Back off, reduce throughput, or review plan limits.

API key usage tracking

Crawlora includes API-key usage tracking in the console where supported. Use it with pricing and usage pages to monitor credits and request volume.

Responsible public web data workflows

Crawlora is designed for responsible structured public web data workflows. Customers are responsible for using Crawlora in compliance with applicable laws, third-party rights, target-platform rules, and Crawlora terms.

Read Crawlora terms

FAQ

How do I authenticate Crawlora API requests?

Send your API key in the x-api-key header for API-key endpoints.

Can I call Crawlora from frontend JavaScript?

Do not expose Crawlora API keys in frontend code. Call your backend first, then call Crawlora from the server.

Where should I store my API key?

Use environment variables, deployment secrets, or a secret manager. Avoid committing keys to source control.

What happens if my API key is leaked?

Rotate or revoke the exposed key from the dashboard if supported, then update the server-side environment secret.

Can I create multiple API keys?

Check the Crawlora dashboard for the current API-key management options available to your account.

Where can I monitor usage?

Use the Crawlora console usage and billing pages, plus the pricing page for plan limits and credit costs.

Add authentication to your first request

Use the quickstart with x-api-key authentication and run the request in Playground before shipping it.

Open quickstart Try Playground