API key

Slideshot exposes an HTTP API for creating recording runs, managing saved credentials, downloading artifacts, submitting feedback, and looking up brand assets. The CLI and MCP server are thin wrappers over this same API, so anything they can do, a direct HTTP call can do too.

Every request is authenticated with a Slideshot API key.

Get an API key

1. Sign in to the Slideshot dashboard.
2. Open the API keys section.
3. Create a new key, give it a descriptive label, and copy the one-time secret.

The plaintext key is only shown once. Store it in your agent’s secret manager, your CI system’s secret store, or your shell environment. You can list and revoke keys at any time from the same section of the dashboard.

export SLIDESHOT_API_KEY="sk_live_xxxx"

Authenticating requests

API keys can be passed on either header. Use whichever fits the client you are working with.

• x-api-key: <api_key>
• Authorization: Bearer <api_key>

curl https://api.slideshot.ai/v1/agent/runs/$RUN_ID \
  -H "x-api-key: $SLIDESHOT_API_KEY"

Both forms work on every /v1/agent/* endpoint, including run creation, credentials, artifacts, feedback, and brand extraction.

Rotate or revoke a key

Treat keys like any other production secret:

• Use a separate key per environment (local, CI, production).
• Revoke a key as soon as it is no longer used or might be exposed.
• Rotate keys on a regular schedule: create a new key, deploy it, then revoke the old one.

The CLI reads SLIDESHOT_API_KEY from the environment. Set it once in your shell or CI runner and every npx slideshot command picks it up.

Where to go next

• API overview: base URL, request shape, errors, and pagination.
• Runs: Create runs, poll status, submit input, cancel, and list artifacts.
• Credentials: Save and reuse credentials for target apps.
• Artifacts: What runs produce and how to download artifacts.
• Feedback: Send feedback tied to one or more runs.
• Brand extraction: Fetch brand assets for any target URL.