API Overview

Authentication

All API requests require your project's API key in the x-api-key header. Most endpoints additionally need x-project-id.

curl -X POST \
  -H "x-api-key: YOUR_API_KEY" \
  -H "x-project-id: YOUR_PROJECT_ID" \
  -H "Content-Type: application/json" \
  https://swnkontrzficuvopeqgd.supabase.co/functions/v1/render-page

API keys are project-scoped and shown once in the dashboard (we store only a SHA-256 hash). Rotate any time from project settings.

Base URL

https://swnkontrzficuvopeqgd.supabase.co/functions/v1/{function-name}

Endpoints

POST /render-page

Render a URL and return pre-rendered HTML. Checks cache first.

Body: { "url": "https://yourdomain.com/page", "project_id": "uuid" } Response headers: X-Cache-Status: HIT|MISS, X-Render-Time, X-Rendered-By: RenderBeam.

POST /verify-key

Validate an API key and check remaining quota.

Response:

{
  "valid": true,
  "project_id": "uuid",
  "domain": "example.com",
  "remaining": 850,
  "limit": 1000,
  "plan": "starter",
  "cache_ttl_hours": 72
}

GET /bot-regex?project=PROJECT_ID

Returns the combined regex pattern of enabled bots for a project. Used by the worker for bot detection.

POST /clear-cache

Purge cached renders for a project. Auth: Authorization: Bearer JWT_TOKEN.

POST /log-render

Internal: log a render event. Used by the Cloudflare Worker and renderer.

Rate limits

There are no per-minute limits. Your monthly render quota is the only limit:

When over quota and overage is disabled, the API returns 429. Cache hits are free and do not increment the counter — see Cache & billing.

Error handling

Errors return JSON: { "error": "Domain mismatch — URL does not belong to this project" }.