Authentication

API requests that modify or render resources require a valid API token (API key). Tokens are scoped to a space and used via the Authorization header.

API keys

Go to Settings → Space → Developers.
Click Create API key, give it a name and optional expiry.
Copy the token once — it is not shown again. Store it securely.

Tokens can be revoked from the same Developers page.

Sending the token

Send the token in the Authorization header as a Bearer token:

Authorization: Bearer your_api_token_here

Example with cURL

curl -H "Authorization: Bearer YOUR_TOKEN" \
  "https://your-app.bannx.app/api/render/PAGE_ID?format=png"

Example with fetch

const response = await fetch(
  `https://your-app.bannx.app/api/render/${pageId}?format=png`,
  {
    headers: {
      'Authorization': `Bearer ${apiToken}`,
    },
  }
);
const imageBlob = await response.blob();

Token in query (not allowed)

Passing the token as a query parameter (e.g. ?token=...) is not allowed and returns 400 Bad Request. Always use the Authorization header.

Errors

Status	Meaning
`401 Unauthorized`	Missing or invalid token, or token expired
`400 Bad Request`	Token was sent in query; use header instead

Token scope

Each token is tied to one space. Rendering and other operations use that space's templates, pages, and credits.
Expired tokens (if you set an expiry) are rejected with 401.
Revoked keys no longer work; create a new key if needed.