RenderIO
Getting started

Authentication

How to authenticate with the RenderIO API using API keys.

Authentication

Every request to the RenderIO API must include a valid API key. Keys are passed via the X-API-KEY header. If you do not have an API key yet, create your free API key to get started.

API key format

RenderIO API keys use the ffsk_ prefix followed by 32 random hexadecimal bytes (64 hex characters):

ffsk_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2

Keys are hashed with SHA-256 before being stored on the server. This means you cannot recover a lost key -- if you lose it, you must generate a new one.

Generate and manage keys

  1. Sign in at renderio.dev/dashboard
  2. Navigate to the API Keys section
  3. Click Create Key
  4. Copy the key immediately and store it securely

You can create multiple keys and revoke them individually from the dashboard.

Making authenticated requests

Include your API key in the X-API-KEY header on every request.

curl https://renderio.dev/api/v1/commands \
  -H "X-API-KEY: ffsk_your_api_key_here"
import os
import requests

response = requests.get(
    "https://renderio.dev/api/v1/commands",
    headers={"X-API-KEY": os.environ["RENDERIO_API_KEY"]},
)

data = response.json()
print(data)
const response: Response = await fetch("https://renderio.dev/api/v1/commands", {
  headers: {
    "X-API-KEY": process.env.RENDERIO_API_KEY!,
  },
});

const data: unknown = await response.json();
console.log(data);
const response = await fetch("https://renderio.dev/api/v1/commands", {
  headers: {
    "X-API-KEY": process.env.RENDERIO_API_KEY,
  },
});

const data = await response.json();
console.log(data);
<?php
$ch = curl_init("https://renderio.dev/api/v1/commands");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "X-API-KEY: " . getenv("RENDERIO_API_KEY"),
]);
$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
print_r($data);

Error responses

If the API key is missing, invalid, or revoked, the API returns a 401 Unauthorized response:

{
  "detail": "Invalid or missing API key"
}

Rate limiting

API keys are rate-limited to protect the service. If you exceed the rate limit, the API returns a 429 Too Many Requests response. Wait and retry after the period indicated in the response.

Rate limits are applied per API key, not per IP address.

Security best practices

Never commit API keys to version control. Use environment variables or a secrets manager instead.

Set your key as an environment variable:

export RENDERIO_API_KEY="ffsk_your_api_key_here"

Then reference it in your code:

echo $RENDERIO_API_KEY
import os
api_key = os.environ["RENDERIO_API_KEY"]
const apiKey: string = process.env.RENDERIO_API_KEY!;
const apiKey = process.env.RENDERIO_API_KEY;
<?php
$apiKey = getenv("RENDERIO_API_KEY");

Additional recommendations:

  • Rotate keys periodically -- create a new key, update your applications, then revoke the old one
  • Use separate keys for development and production environments
  • Revoke keys immediately if you suspect they have been compromised
  • Never share keys in client-side code, logs, or error messages
  • Add RENDERIO_API_KEY to your .gitignore and .env.example files

Next steps

Quickstart

Get started with the RenderIO FFmpeg-as-a-Service API in under 2 minutes.

Your First Command

Step-by-step guide to submitting an FFmpeg command, polling for results, and downloading output files.

On this page

AuthenticationAPI key formatGenerate and manage keysMaking authenticated requestsError responsesRate limitingSecurity best practicesNext steps