Authentication
Create an API token in the Chuger dashboard and authenticate every request with a Bearer header.
Every Chuger API request requires a token. Tokens are tied to your account, identify you for billing, and gate access to your subscription plan's features.
Create a token
Open the dashboard
Sign in to your Chuger dashboard and navigate to Settings → API Tokens.
Generate a token
Click Create token, give it a descriptive name (e.g. production-server, staging-job), and submit.
Copy it immediately
The full secret is shown exactly once. After you leave the page only a short preview (e.g. abc...xyz) remains visible in the dashboard.
If you lose the token, you'll need to create a new one — there is no way to recover an existing secret.
Tokens never expire on their own. They stay valid until you delete them in the dashboard.
How many tokens can I have?
Your plan controls the cap:
| Plan | Max active API tokens |
|---|---|
| Basic | 1 |
| Pro | 3 |
| Business | 5 |
Use one token per environment (production, staging, CI) so you can rotate or revoke them independently.
Use a token
Send the token in the Authorization header on every request:
Authorization: Bearer YOUR_API_TOKEN
curl "https://api.chuger.com/v1/scrape?url=https://example.com" \
-H "Authorization: Bearer YOUR_API_TOKEN"
const res = await fetch('https://api.chuger.com/v1/scrape?url=https://example.com', {
headers: {
Authorization: `Bearer ${process.env.CHUGER_TOKEN}`,
},
});
const data = await res.json();
import os, requests
r = requests.get(
"https://api.chuger.com/v1/scrape",
params={"url": "https://example.com"},
headers={"Authorization": f"Bearer {os.environ['CHUGER_TOKEN']}"},
)
r.raise_for_status()
print(r.json())
Verify a token
A quick way to confirm a token works is to hit the user endpoint:
curl https://api.chuger.com/user \
-H "Authorization: Bearer YOUR_API_TOKEN"
A valid token returns 200 with your user object. A bad or missing token returns 401. See /user for details.
Rotate tokens
There is no automatic rotation. To replace a token:
Create a new token
Add the new token to your dashboard.
Deploy it
Update your application's environment variables and roll out.
Delete the old one
Remove the previous token from the dashboard. Deleted tokens are revoked immediately — any in-flight request using them will fail with 401.
Security guidance
Never commit tokens to source control or place them in client-side code. Browser- and mobile-side requests should go through your backend.
- Store tokens in environment variables or a secrets manager
- One token per environment so a leak can be contained to a single scope
- Watch token usage — the dashboard shows
last_used_atso you can spot idle (safe to delete) or unexpectedly active (potentially compromised) tokens
Common authentication errors
| Status | Meaning | Fix |
|---|---|---|
401 Unauthenticated | Missing, malformed, or revoked token | Re-check the Authorization header; create a new token if needed |
402 Plan Required | Token is valid but no active subscription | Upgrade your plan in the dashboard |
402 Insufficient Credits | Token is valid but you're out of credits | Wait for monthly renewal or purchase a credit top-up |
See Errors for the full error reference.