Skip to main content

Overview

The Snippets AI API uses Bearer token authentication. All API requests must include a valid API key in the Authorization header.

Getting Your API Key

1

Log into your workspace

Navigate to your Snippets AI app
2

Go to Admin

Click on API Access
3

Create a new API key

Click New API Key and configure: - Key name: A descriptive name for identification - Team permissions: Select which teams this key can access - All teams: Toggle if you want workspace-wide access
4

Copy your key

Copy the secret key immediately - you won’t be able to see it again!
Keep your API key secure! Never share it publicly or commit it to version control. Anyone with your API key can access your snippets and consume your API quota.

Using Your API Key

Include your API key in the Authorization header of every request using the Bearer authentication scheme: 
Authorization: Bearer YOUR_API_KEY

Code Examples

const axios = require('axios');

const API_KEY = process.env.SNIPPETS_AI_API_KEY;
const BASE_URL = 'https://www.getsnippets.ai/api/prompts';

// Configure axios with default headers
const api = axios.create({
	baseURL: BASE_URL,
	headers: {
		Authorization: `Bearer ${API_KEY}`,
		'Content-Type': 'application/json',
	},
});

// Make a request
async function getSnippet(id) {
	const response = await api.get('/snippet', {
		params: { id },
	});
	return response.data;
}

Team Permissions

API keys can be configured with different levels of access:

All Teams Access

When enabled, the API key has access to all teams in your workspace, including newly created teams. 
{
	"is_all_teams": true,
	"team_permissions": []
}

Specific Team Access

Limit the API key to specific teams for better security: 
{
	"is_all_teams": false,
	"team_permissions": ["team_uuid_1", "team_uuid_2"]
}
If you try to access a resource (snippet, folder, or tag) from a team that your API key doesn’t have permission for, you’ll receive a 403 Forbidden error.

Security Best Practices

Never hardcode API keys in your source code. Use environment variables or secure secret management systems:
# .env file
SNIPPETS_AI_API_KEY=your_api_key_here
Periodically rotate your API keys, especially if: - A team member with access leaves - You suspect a key may have been compromised - You’re decommissioning an integration
Create API keys with access only to the teams they need. Don’t use all-teams access unless necessary.
Regularly check your API usage in the dashboard to detect any unusual activity or unauthorized access.
Always make API requests over HTTPS. The API will reject requests made over plain HTTP.

Managing API Keys

Viewing API Keys

You can view all your API keys in the dashboard, including:
  • Key name and creation date
  • Last used timestamp
  • Team permissions
  • Active/inactive status

Deactivating Keys

To deactivate an API key:
  1. Go to Settings → API Keys
  2. Find the key you want to deactivate
  3. Click Deactivate
Deactivated keys will immediately stop working. Any integrations using that key will start receiving 401 Unauthorized errors.

Deleting Keys

To permanently delete an API key:
  1. First deactivate the key
  2. Wait at least 24 hours (recommended)
  3. Click Delete to permanently remove it

Authentication Errors

Common authentication errors and how to resolve them:
401 Unauthorized
error
Invalid or inactive API keyYour API key is either invalid, has been deactivated, or was never created.
{
  "success": false,
  "message": "Invalid or inactive API key"
}
Solution: Verify your API key is correct and active in the dashboard.
401 Unauthorized
error
Missing Authorization headerThe request didn’t include an Authorization header.
{
  "success": false,
  "message": "Authorization header with Bearer token is required"
}
Solution: Ensure you’re including Authorization: Bearer YOUR_API_KEY in all requests.
403 Forbidden
error
Insufficient permissionsYour API key doesn’t have access to the requested team.
{
  "success": false,
  "message": "API key does not have access to this team"
}
Solution: Update your API key’s team permissions or use a different key.
403 Forbidden
error
Inactive subscriptionYour workspace subscription is not active.
{
  "success": false,
  "message": "Workspace subscription is not active"
}
Solution: Check your subscription status and update your billing information.

Testing Your Authentication

Use this simple request to verify your API key is working: 
curl -X GET "https://www.getsnippets.ai/api/prompts/snippet?id=test" \
  -H "Authorization: Bearer YOUR_API_KEY"
If authentication is successful but the snippet doesn’t exist, you’ll receive a 404 Not Found error (which confirms authentication worked). If authentication fails, you’ll receive a 401 Unauthorized error.

Need Help?

If you’re having trouble with authentication:

Contact Support

Get help from our team