# API key handling

The SiteShot screenshot API key is a long-lived operational secret used by `https://api.site-shot.com/`.

Generic profile, subscription, and usage endpoints never return the full key. They may return a masked representation for identification.

Use `POST /api/v1/agent/reveal-api-key/` with the `api_key:read` scope to reveal the key. The response includes a warning, an audit log id, a dashboard link, and a reset link.

If the key is exposed, the user should reset it from the SiteShot dashboard.