Learn about Projects and how to use them.

A Project is a collection of settings that are applied to all API requests made when using its credentials.

They are intended to be used to separate different use cases, such as if you're using Urlbox on several different domains, or different environments, such as development and production.

Each project has its own unique publishable and secret key, which are used to authenticate requests to the API.

When you first sign up, Urlbox will generate a project and name it default.

You can create as many Projects as you need.

You can use projects to rotate your API keys if necessary.

Creating a new Project

You can follow the steps below to create a new Project:

Project settings

From within the dashboard settings menu, you can access the settings for each individual project.

S3 Configuration

Each project can have one S3 configuration configured with it, so that when the use_s3 option is set to true, the projects S3 configuration will be used to upload the screenshot to the configured S3 compatible service.

See more about saving screenshots to S3, and S3-compatible services here.

This setting will force all API requests to use secure render links, and will reject any requests from render links without an auth token with a 401 status code.

Rename Project

You can give each project a name so that it is easier to identify in the dashboard.

Disable Project

It is possible to disable a project temporarily, which will reject all API requests made with the secret key of the project.

This can be useful if you suspect that your account is being used by an unauthorized user, your credentials have been leaked, or a misconfiguration is causing problems.

Delete Project

A project can be deleted if it is not used any longer. All API requests using the projects credentials will fail once a project is deleted. There is no way to undo this action.

Using a Project

To use a project with render links insert the publishable key of the project into the render link, and use the secret key to generate the HMAC-SHA256 token.


To use a project with the REST API, pass the secret key as the Bearer token in the Authorization request header.

with webhooks

When using a webhook_url in your request, the projects webhook secret can be used to verify the webhook request is coming from Urlbox.