Authentication
How to authenticate your API requests
Overview
The SnapTrack API uses API tokens for authentication. All API requests must include a valid API token in the Authorization header.
Note: You must have an active subscription (Starter, Pro, or Business plan) to access the API. The Free plan does not include API access.
Getting Your API Token
Step 1: Log in to Dashboard
Visit https://snaptrack.dev/login and log in with your credentials.
Step 2: Navigate to Settings
Go to Settings → API Keys from the admin dashboard.
Step 3: Generate Token
- Click the "Generate API Token" button
- Copy the generated token immediately
- Store it securely (you won't be able to see it again)
Note: API tokens are SHA-256 hashed and stored securely. You can only view them when first generated.
Using Your API Token
Include your API token in the Authorization header of every API request:
Authorization: Bearer YOUR_API_TOKEN
Example Request
curl -X GET https://api.snaptrack.dev/websites \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"
Token Management
Regenerate Token
If your token is compromised or you need a new one:
- Go to Settings → API Keys
- Click "Revoke Token"
- Confirm revocation
- Click "Generate API Token" to create a new one
Warning: Revoking your token will immediately invalidate all API requests using the old token. Update your applications with the new token.
Testing Your Token
Test your API token with the test endpoint:
curl -X GET https://api.snaptrack.dev/test \
  -H "Authorization: Bearer YOUR_API_TOKEN"
Response: 200 OK
{
  "success": true,
  "message": "API is working",
  "user": {
    "id": 1,
    "name": "John Doe",
    "email": "[email protected]",
    "subscription_tier": "pro"
  },
  "rate_limit": {
    "limit": 20,
    "remaining": 19,
    "reset": 1706371200
  }
}
Token Security
- Never share: Keep your API token private and secure
- Use environment variables: Don't hardcode tokens in your code
- HTTPS only: Always use HTTPS in production
- Rotate regularly: Regenerate tokens periodically for security
- Monitor usage: Check API logs for suspicious activity
Common Authentication Errors
401 Unauthorized
{
  "success": false,
  "error": "Unauthorized"
}
Causes:
- Missing Authorization header
- Invalid or expired token
- Malformed header (not "Bearer TOKEN")
Solution: Generate a new token and ensure the header format is correct.
403 API Access Denied
{
  "success": false,
  "error": "API access is not available on your plan",
  "current_plan": "free"
}
Causes:
- Free plan (doesn't include API access)
- Subscription expired or inactive
Solution: Upgrade to Starter plan or higher.
Best Practices
- Store securely: Use environment variables, not hardcoded tokens
- Rotate regularly: Regenerate tokens periodically
- Use HTTPS: Always use HTTPS in production
- Never log tokens: Don't include tokens in logs or error messages
- Limit token scope: Use separate tokens for different applications
Environment Variables
Store your token in a .env file:
SNAPTRACK_API_TOKEN=your_token_here
SNAPTRACK_API_URL=https://api.snaptrack.dev
Access in your code:
// JavaScript (Node.js)
const token = process.env.SNAPTRACK_API_TOKEN;
const apiUrl = process.env.SNAPTRACK_API_URL;
# Python
import os
token = os.getenv('SNAPTRACK_API_TOKEN')
api_url = os.getenv('SNAPTRACK_API_URL')
// PHP
$token = getenv('SNAPTRACK_API_TOKEN');
$apiUrl = getenv('SNAPTRACK_API_URL');
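An added example (not SnapTrack's own code) that combines the environment-variable setup above with the "Never log tokens" practice and the documented 401 and 403 responses. The function names, the `[REDACTED]` marker and the sample token are assumptions; the response bodies are constructed from the samples on this page.

```python
import json
import logging
import os
import re

# Matches the credential in "Bearer <token>" so it can be masked.
BEARER_RE = re.compile(r"(Bearer\s+)[^\s\"']+", re.IGNORECASE)

def redact(text):
    """Replace any bearer credential in text with a fixed marker."""
    return BEARER_RE.sub(r"\1[REDACTED]", text)

class RedactBearer(logging.Filter):
    """Logging filter: masks bearer tokens before a record is emitted."""

    def filter(self, record):
        record.msg, record.args = redact(record.getMessage()), ()
        return True

def auth_headers(env=os.environ):
    """Build headers from SNAPTRACK_API_TOKEN; fail fast if it is unusable."""
    token = env.get("SNAPTRACK_API_TOKEN", "").strip()
    if not token or token == "your_token_here" or len(token.split()) != 1:
        raise RuntimeError("SNAPTRACK_API_TOKEN is unset, a placeholder, or malformed")
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}

def explain_response(status, body):
    """Map the responses documented on this page to an operator action."""
    data = json.loads(body) if body else {}
    if status == 200 and data.get("success"):
        rl = data.get("rate_limit", {})
        return f"ok: {rl.get('remaining')}/{rl.get('limit')} requests remaining"
    if status == 401:
        return "unauthorized: check the header format, then regenerate the token"
    if status == 403:
        return f"denied: plan '{data.get('current_plan')}' has no API access"
    return f"unexpected status {status}"

if __name__ == "__main__":
    log = logging.getLogger("snaptrack")
    log.addFilter(RedactBearer())
    logging.basicConfig(level=logging.INFO)
    # Constructed token and response body, for illustration only.
    headers = auth_headers({"SNAPTRACK_API_TOKEN": "constructed-token-123"})
    log.info("request headers: %s", headers)
    log.info(explain_response(403, '{"success": false, "current_plan": "free"}'))
```

Attach `RedactBearer` to every logger that may see request headers or exception text; a filter on one logger does not cover records emitted through others.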