Developer setup

API keys

Use keys only for server-side developer integrations.

API keys

API keys are used only for developer setup, where your website calls Prerender Buddy from server-side code.

You do not need an API key for no-code DNS setup because crawler traffic goes through Prerender Buddy's managed proxy.

When API keys are needed

Use an API key when the target website will call Prerender Buddy from:

  • Vercel or Next.js middleware
  • Netlify Edge Functions
  • Cloudflare Workers
  • Express, Fastify, Rails, Laravel, Django, or another server
  • Nginx or another reverse proxy
  • any custom backend or request middleware

The key authorizes crawler render requests for the site.

When API keys are not needed

You do not need an API key when using no-code DNS setup.

In that setup:

  1. the public hostname points to Prerender Buddy
  2. Prerender Buddy receives crawler requests
  3. normal visitors are forwarded to the origin URL

No key is added to the website.

Safe server-side storage

Store the key only where server-side code can read it.

Environment variable
1PRERENDER_BUDDY_API_KEY=your_site_api_key

Good places:

  • Vercel Project Settings -> Environment Variables
  • Netlify Site configuration -> Environment variables
  • Cloudflare Worker -> Variables and Secrets
  • Railway service variables
  • Render, Fly, or server environment variables
  • Docker or orchestration secrets

Unsafe client-side storage

Do not place Prerender Buddy keys in:

  • browser JavaScript
  • React components
  • client-side hooks
  • public GitHub files
  • static JSON files
  • frontend environment variables
  • screenshots, issue comments, or support chats

Never use names like:

Environment variable
1VITE_PRERENDER_BUDDY_API_KEY
2NEXT_PUBLIC_PRERENDER_BUDDY_API_KEY
3PUBLIC_PRERENDER_BUDDY_API_KEY

Many frontend tools expose variables with those prefixes to the browser bundle.

Platform-specific examples

Vercel:

Environment variable
1Project Settings -> Environment Variables
2Name: PRERENDER_BUDDY_API_KEY
3Environment: Production

Netlify:

Environment variable
1Site configuration -> Environment variables
2Name: PRERENDER_BUDDY_API_KEY

Cloudflare Workers:

Environment variable
1Worker -> Settings -> Variables and Secrets
2Type: Secret
3Name: PRERENDER_BUDDY_API_KEY

Railway:

Environment variable
1Service -> Variables
2Name: PRERENDER_BUDDY_API_KEY

Developer integrations send the key in this header:

Environment variable
1X-Prerender-Token: value-of-PRERENDER_BUDDY_API_KEY

The request should happen from server-side middleware, a worker, an edge function, or a backend. It should not happen from the browser.

Rotation and revocation

Rotate a key when:

  • it may have been exposed
  • a team member or contractor no longer needs access
  • a public repository accidentally included it
  • you are moving setup between environments

Safe rotation process:

  1. Create a new API key.
  2. Add it to the target platform as a server-side secret.
  3. Deploy the updated integration.
  4. Verify crawler requests still work.
  5. Revoke or delete the old key.

If a key was committed to GitHub, remove it from the code and rotate it. Removing it from git history alone is not enough.

How to verify the key is used safely

Check these before going live:

  • the key is not visible in page source
  • the key is not visible in browser DevTools network requests
  • the key is not present in built JavaScript assets
  • the key is not in public repo files
  • Verify Installation succeeds
  • render logs show crawler requests

Ready to check the setup?

After DNS or middleware is deployed, use Verify Installation from the site dashboard and check the logs tab for crawler requests.

Still stuck? Email support@prerenderbuddy.com.

Open dashboard