Authentication
The PicRenew API uses API keys for authentication. Keys are created and managed from your account page under the "Developer API" section.
Key format
All API keys are prefixed with pk_live_ followed by a 32-character random string. Example:
The raw key is shown exactly once when it is created. Copy it immediately — it cannot be retrieved afterward. PicRenew stores only a SHA-256 hash of the key.
Sending the key
Include the key in the Authorization header of every request:
Key management
- You may create up to 5 active API keys per account.
- Keys can be named for easy identification (e.g. “Production”, “Dev laptop”).
- Revoke a key from the account page. Revoked keys return 401 Unauthorized immediately.
- last_used_at is updated on the first request of each minute. Use this to identify stale keys.
Security best practices
- Never commit API keys to version control.
- Store keys in environment variables or a secrets manager.
- Use one key per deployment environment (staging, production).
- Rotate keys periodically or after personnel changes.
- Revoke keys you no longer use.
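A pre-commit style check for the first two practices above, as an added example that is not PicRenew's own code: it scans text for strings in the pk_live_ key format and reports each hit by line with a SHA-256 fingerprint instead of the raw key. It assumes the 32 random characters are ASCII letters and digits (the page states only the prefix and the length); PICRENEW_API_KEY is a hypothetical variable name and the sample key is constructed.

```python
import hashlib
import re
import sys

# Assumption: the 32 random characters are ASCII letters and digits; the page
# states only the pk_live_ prefix and the length.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])pk_live_[A-Za-z0-9]{32}(?![A-Za-z0-9])")


def fingerprint(key: str) -> str:
    """Short SHA-256 fingerprint, so a report never repeats the raw key."""
    return hashlib.sha256(key.encode("ascii")).hexdigest()[:12]


def scan_text(text: str, source: str = "<stdin>") -> list[dict]:
    """Return one finding per key-shaped token, with the key redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            key = match.group(0)
            findings.append({
                "source": source,
                "line": lineno,
                "redacted": "pk_live_..." + key[-4:],
                "sha256_prefix": fingerprint(key),
            })
    return findings


# Constructed sample. The fake key is assembled at run time so this file does
# not itself contain a key-shaped literal.
FAKE_KEY = "pk_live_" + "A1b2C3d4" * 4
SAMPLE = "\n".join([
    "import os",
    'API_KEY = os.environ["PICRENEW_API_KEY"]  # fine: read from the environment',
    f'API_KEY = "{FAKE_KEY}"  # finding: hard-coded key',
    'PREFIX = "pk_live_"  # fine: prefix only, too short to be a key',
])

if __name__ == "__main__":
    # Scan the files named on the command line, or the sample if none given.
    inputs = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in sys.argv[1:]]
    hits = [f for name, text in inputs or [("sample", SAMPLE)] for f in scan_text(text, name)]
    for h in hits:
        print(f'{h["source"]}:{h["line"]}: {h["redacted"]} sha256:{h["sha256_prefix"]}')
    sys.exit(1 if hits else 0)  # non-zero exit blocks the commit
```

Any key the check finds in a commit should be revoked from the account page, not just deleted from the file, since it remains in version-control history.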
Rate limits
Requests are rate-limited to 60 per minute per API key (sliding window). When exceeded, the API returns 429 Too Many Requests with a Retry-After header indicating when the window resets.