FAQ · Authentication & security
Can I capture authenticated or internal pages with a Screenshot API?
It depends on where the page lives. For publicly reachable authenticated pages, yes — pass session cookies, HTTP Basic auth headers, or a signed URL with your request. For pages behind a VPN or firewall, you need to self-host the Screenshot API inside your own network.
Scenario 1: Public page with login required
If the page is publicly reachable over the internet but requires authentication, you have three options:
Option A — Pass session cookies
GET https://api.snapshotflow.com/screenshot
?url=https://app.myservice.com/dashboard
&cookies=session_id=abc123; auth_token=xyz
Option B — HTTP Basic authentication
GET https://api.snapshotflow.com/screenshot
?url=https://staging.myservice.com/report
&http_auth_user=admin&http_auth_pass=secret
Option C — Signed or time-limited URL
Generate a short-lived signed URL to the protected resource from your backend, then pass it as the url parameter. The API fetches it while valid; no credentials travel through the API parameters.
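An added example for Option C (not SnapshotFlow's or this page's own code): one way a backend could mint a short-lived HMAC-signed URL, check it on the protected app, and pass it as the url parameter. The `expires` and `sig` parameter names, the signing key and the 60-second lifetime are assumptions; the endpoint and hostnames are the ones used above.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample key; in practice it comes from a secret store.
SIGNING_KEY = b"constructed-demo-key"
SCREENSHOT_API = "https://api.snapshotflow.com/screenshot"  # endpoint from the page


def _mac(path, expires):
    # Bind the signature to both path and expiry so neither can be swapped.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_url(base, path, ttl=60, now=None):
    """Return base+path with hypothetical `expires` and `sig` parameters."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"expires": expires, "sig": _mac(path, expires)})
    return f"{base}{path}?{query}"


def verify_url(url, now=None):
    """Check the protected app runs before serving the page to the renderer."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    if int(time.time() if now is None else now) > expires:
        return False  # expired links fail even with a valid signature
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    return hmac.compare_digest(sig.encode(), _mac(parts.path, expires).encode())


def screenshot_request(signed_url):
    # urlencode percent-encodes the nested URL so its own ?, & and = survive.
    return f"{SCREENSHOT_API}?" + urlencode({"url": signed_url})


if __name__ == "__main__":
    signed = sign_url("https://app.myservice.com", "/dashboard")
    print(screenshot_request(signed))
    print("valid now:", verify_url(signed))
```

The signed URL is itself a bearer credential until it expires and will appear in any request logs, so keep the lifetime close to the time one render takes.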
Scenario 2: Page behind a VPN or firewall (internal network)
A managed Screenshot API renders from the vendor's network and cannot reach 192.168.x.x addresses, private Kubernetes services, or anything behind a VPN — even with credentials.
The solution is to self-host the Screenshot API inside your own infrastructure:
docker run -p 3000:3000 \
-e API_KEY=your-key \
snapshotflow/api:latest
Once running inside your VPC or on-premises network, it can reach any internal host including staging environments, admin dashboards, Grafana, and CI preview deployments.
Security best practices
- Never send production admin credentials to a managed API; use scoped read-only tokens
- Prefer signed short-lived URLs over long-lived session cookies when the vendor stores request logs
- For GDPR or SOC 2 compliance requirements, the self-hosted option keeps all data inside your infrastructure
- Rotate credentials after every CI run; use environment variables, never hardcode them
Self-host or use the managed API
SnapshotFlow supports cookies, HTTP Basic auth, and signed URLs on the managed plan. The Docker image brings full parity to your private network.