Renderly

API Keys

Generate, use, and rotate Renderly API keys. Bearer-token authentication with the rnd_ prefix.

Every request to the Renderly API authenticates with a Bearer token. Keys are scoped to a single user account and inherit that account's credit balance.

Generate a key

  1. Sign in to the dashboard at renderly.video.
  2. Go to SettingsAPI Keys.
  3. Click Generate Key.

The key is shown only once at creation. Copy it immediately and store it in a secrets manager. If you lose it, generate a new one — there's no recovery flow.

Keys always start with the rnd_ prefix so they're easy to spot in logs and scrub from output.

Authenticate a request

Send the key as a Bearer token in the Authorization header:

curl https://renderly.video/api/v1/auth/verify \
  -X POST \
  -H "Authorization: Bearer rnd_your_api_key_here"

Successful response:

{
  "success": true,
  "data": {
    "userId": "clx...",
    "email": "you@example.com",
    "name": "You",
    "credits": 950,
    "apiKeyPrefix": "rnd_12345678...",
    "apiKeyCreatedAt": "2026-01-15T10:00:00Z",
    "apiKeyLastUsed": "2026-05-16T12:30:00Z"
  }
}

POST /auth/verify is the cheapest way to confirm a key is valid — use it in your service's startup health-check.

Key handling rules

  • Never commit a key to source control. Use environment variables or a secret manager.
  • Never expose a key in client-side code. Renderly's API is server-to-server. If you need to trigger renders from a browser, put a thin proxy in front.
  • Rotate when an employee leaves or a key may have leaked. Generate a new one, deploy it, then revoke the old key in the dashboard.

Error responses

StatusMeaning
401 UnauthorizedHeader missing, malformed, or key revoked/never existed.
402 Payment RequiredKey is valid but the account is out of credits. The response includes creditsNeeded, creditsAvailable, and creditsShort.
403 ForbiddenKey is valid but doesn't have permission for the target resource (e.g. another user's project).

All errors follow the same shape:

{
  "success": false,
  "error": "Invalid API key",
  "details": "..."
}

What a key can do

A key inherits everything its user account can do:

  • Create render jobs (POST /renders)
  • Read jobs the user owns (GET /renders/{jobId})
  • Upload media to the user's storage (POST /uploads)
  • List public templates and the user's projects
  • Register and manage webhooks
  • Read account info and credit balance

A key cannot access another user's projects, templates the user hasn't created or purchased, or admin-only endpoints.

Where to next

  • Rendering — start a render job and poll for the result
  • Webhooks — get notified when a job finishes instead of polling