Docs menu
Crawlora Docs
Authentication
Crawlora production endpoints use API-key authentication. Keep keys out of browser code, send them from your server, and rotate keys if they are exposed.
API-key authentication
The generated endpoint metadata uses the x-api-key header for API-key routes. Do not use client-side JavaScript to call Crawlora directly with this key.
x-api-key: $CRAWLORA_API_KEY
Example authenticated request
Authenticated examples
Use environment variables for secrets and keep Crawlora API keys server-side.
curl -X POST "https://api.crawlora.net/api/v1/google/search" \
-H "x-api-key: $CRAWLORA_API_KEY" \
-H "Content-Type: application/json" \
-d '{"country":"us","keyword":"chatgpt","language":"en","limit":10,"page":1}'Store API keys safely
- Use environment variables or a secret manager
- Do not commit API keys
- Do not expose keys in frontend or browser code
- Rotate keys if leaked
- Restrict internal access to production keys
- Use separate keys for local, staging, and production when supported
Server-side usage
Frontend apps should call your backend, and your backend should call Crawlora. This keeps Crawlora API keys out of browser bundles, logs, and third-party extensions.
Browser -> Your backend route -> Crawlora API Your backend adds: x-api-key: process.env.CRAWLORA_API_KEY
Common authentication errors
Exact error bodies can vary by endpoint. Check the response body and endpoint docs for request context.
| Case | Typical status | Action |
|---|---|---|
| Missing API key | 401 | Add the x-api-key header from a server-side environment variable. |
| Invalid API key | 401 | Confirm the key value, status, and environment. |
| Plan or permission issue | 403 | Check plan access, endpoint permissions, and billing state. |
| Rate or quota limit | 429 | Back off, reduce throughput, or review plan limits. |
API key usage tracking
Crawlora includes API-key usage tracking in the console where supported. Use it with pricing and usage pages to monitor credits and request volume.
Responsible public web data workflows
Crawlora is designed for responsible structured public web data workflows. Customers are responsible for using Crawlora in compliance with applicable laws, third-party rights, target-platform rules, and Crawlora terms.
Read Crawlora termsFAQ
How do I authenticate Crawlora API requests?
Send your API key in the x-api-key header for API-key endpoints.
Can I call Crawlora from frontend JavaScript?
Do not expose Crawlora API keys in frontend code. Call your backend first, then call Crawlora from the server.
Where should I store my API key?
Use environment variables, deployment secrets, or a secret manager. Avoid committing keys to source control.
What happens if my API key is leaked?
Rotate or revoke the exposed key from the dashboard if supported, then update the server-side environment secret.
Can I create multiple API keys?
Check the Crawlora dashboard for the current API-key management options available to your account.
Where can I monitor usage?
Use the Crawlora console usage and billing pages, plus the pricing page for plan limits and credit costs.
Add authentication to your first request
Use the quickstart with x-api-key authentication and run the request in Playground before shipping it.