Authentication
ThumbAPI uses API key authentication via the x-api-key header. Every request must include your key in this header.
Getting Your API Key
- Sign up at thumbapi.dev. Your API key is created automatically.
- Find it in the dashboard under API Keys.
- Your key looks like:
tb_live_abc123def456...
The free tier gives you 50 credits per month. No credit card required.
Public Test Key
Want to test the integration without creating an account or burning your credits? Use the public test key:
x-api-key: thumbapi_test
This key returns a static placeholder image so you can verify your connection (n8n, Make, Zapier, or your own code) before using a real key.
Using Your Key
Include the key in every API request:
x-api-key: tb_live_your_api_key_here
Example Request
curl -X POST https://api.thumbapi.dev/v1/generate \
-H "x-api-key: tb_live_abc123def456" \
-H "Content-Type: application/json" \
-d '{"title": "Test", "format": "youtube"}'
Security Best Practices
Never hardcode your API key. Use environment variables:
# .env
THUMBAPI_KEY=tb_live_abc123def456
// Node.js
const key = process.env.THUMBAPI_KEY;
# Python
import os
key = os.environ["THUMBAPI_KEY"]
Never expose your key in client-side code. ThumbAPI requests should only be made from your server or backend.
Rotate your key if you suspect it has been compromised. Generate a new key from the dashboard and update your environment variables.
Authentication Errors
| Status | Error | Cause |
|---|---|---|
401 | Missing API key | No x-api-key header sent |
401 | Invalid API key | Key is wrong, expired, or revoked |
403 | API access not enabled | Your plan does not include API access |
Next Steps
- Quickstart — make your first request
- Rate limits — understand your usage limits
- Error codes — full error reference