RenderIO
Getting started

RenderIO API Authentication

Authenticate RenderIO API requests with X-API-KEY headers, manage API keys, handle 401 and 429 errors, and store keys securely.

Authentication

Every request to the RenderIO API must include a valid API key. Keys are passed via the X-API-KEY header. If you do not have an API key yet, create your free API key to get started.

API key format

RenderIO API keys use the ffsk_ prefix followed by 32 random hexadecimal bytes (64 hex characters):

ffsk_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2

Keys are hashed with SHA-256 for validation and encrypted separately so you can copy them again from the dashboard.

Generate and manage keys

  1. Sign in at renderio.dev/dashboard
  2. Navigate to the API Keys section
  3. Click Create Key
  4. Copy the key and store it securely

You can create multiple keys, copy them again later, and revoke them individually from the dashboard.

Making authenticated requests

Include your API key in the X-API-KEY header on every request.

curl https://renderio.dev/api/v1/commands \
  -H "X-API-KEY: ffsk_your_api_key_here"
import os
import requests

response = requests.get(
    "https://renderio.dev/api/v1/commands",
    headers={"X-API-KEY": os.environ["RENDERIO_API_KEY"]},
)

data = response.json()
print(data)
const response: Response = await fetch("https://renderio.dev/api/v1/commands", {
  headers: {
    "X-API-KEY": process.env.RENDERIO_API_KEY!,
  },
});

const data: unknown = await response.json();
console.log(data);
const response = await fetch("https://renderio.dev/api/v1/commands", {
  headers: {
    "X-API-KEY": process.env.RENDERIO_API_KEY,
  },
});

const data = await response.json();
console.log(data);
<?php
$ch = curl_init("https://renderio.dev/api/v1/commands");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "X-API-KEY: " . getenv("RENDERIO_API_KEY"),
]);
$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
print_r($data);

Error responses

If the API key is missing, invalid, or revoked, the API returns a 401 Unauthorized response:

{
  "detail": "Invalid or missing API key"
}

Rate limiting

API keys are rate-limited to protect the service. If you exceed the rate limit, the API returns a 429 Too Many Requests response. Wait and retry after the period indicated in the response.

Rate limits are applied per API key, not per IP address.

Security best practices

Never commit API keys to version control. Use environment variables or a secrets manager instead.

Set your key as an environment variable:

export RENDERIO_API_KEY="ffsk_your_api_key_here"

Then reference it in your code:

echo $RENDERIO_API_KEY
import os
api_key = os.environ["RENDERIO_API_KEY"]
const apiKey: string = process.env.RENDERIO_API_KEY!;
const apiKey = process.env.RENDERIO_API_KEY;
<?php
$apiKey = getenv("RENDERIO_API_KEY");

Additional recommendations:

  • Rotate keys periodically -- create a new key, update your applications, then revoke the old one
  • Use separate keys for development and production environments
  • Revoke keys immediately if you suspect they have been compromised
  • Never share keys in client-side code, logs, or error messages
  • Add RENDERIO_API_KEY to your .gitignore and .env.example files

Next steps

RenderIO Quickstart: Run Your First FFmpeg API Command

Run your first RenderIO FFmpeg API command: create an API key, submit an MP4-to-WebM job, poll status, and retrieve output files.

Your First Command

Step-by-step guide to submitting an FFmpeg command, polling for results, and downloading output files.

On this page

AuthenticationAPI key formatGenerate and manage keysMaking authenticated requestsError responsesRate limitingSecurity best practicesNext steps