Developer setup
API keys
Use keys only for server-side developer integrations.
API keys
API keys are used only for developer setup, where your website calls Prerender Buddy from server-side code.
You do not need an API key for no-code DNS setup because crawler traffic goes through Prerender Buddy's managed proxy.
When API keys are needed
Use an API key when the target website will call Prerender Buddy from:
- Vercel or Next.js middleware
- Netlify Edge Functions
- Cloudflare Workers
- Express, Fastify, Rails, Laravel, Django, or another server
- Nginx or another reverse proxy
- any custom backend or request middleware
The key authorizes crawler render requests for the site.
When API keys are not needed
You do not need an API key when using no-code DNS setup.
In that setup:
- the public hostname points to Prerender Buddy
- Prerender Buddy receives crawler requests
- normal visitors are forwarded to the origin URL
No key is added to the website.
Safe server-side storage
Store the key only where server-side code can read it.
1PRERENDER_BUDDY_API_KEY=your_site_api_keyGood places:
- Vercel Project Settings -> Environment Variables
- Netlify Site configuration -> Environment variables
- Cloudflare Worker -> Variables and Secrets
- Railway service variables
- Render, Fly, or server environment variables
- Docker or orchestration secrets
Unsafe client-side storage
Do not place Prerender Buddy keys in:
- browser JavaScript
- React components
- client-side hooks
- public GitHub files
- static JSON files
- frontend environment variables
- screenshots, issue comments, or support chats
Never use names like:
1VITE_PRERENDER_BUDDY_API_KEY
2NEXT_PUBLIC_PRERENDER_BUDDY_API_KEY
3PUBLIC_PRERENDER_BUDDY_API_KEYMany frontend tools expose variables with those prefixes to the browser bundle.
Platform-specific examples
Vercel:
1Project Settings -> Environment Variables
2Name: PRERENDER_BUDDY_API_KEY
3Environment: ProductionNetlify:
1Site configuration -> Environment variables
2Name: PRERENDER_BUDDY_API_KEYCloudflare Workers:
1Worker -> Settings -> Variables and Secrets
2Type: Secret
3Name: PRERENDER_BUDDY_API_KEYRailway:
1Service -> Variables
2Name: PRERENDER_BUDDY_API_KEYHeader
Developer integrations send the key in this header:
1X-Prerender-Token: value-of-PRERENDER_BUDDY_API_KEYThe request should happen from server-side middleware, a worker, an edge function, or a backend. It should not happen from the browser.
Rotation and revocation
Rotate a key when:
- it may have been exposed
- a team member or contractor no longer needs access
- a public repository accidentally included it
- you are moving setup between environments
Safe rotation process:
- Create a new API key.
- Add it to the target platform as a server-side secret.
- Deploy the updated integration.
- Verify crawler requests still work.
- Revoke or delete the old key.
If a key was committed to GitHub, remove it from the code and rotate it. Removing it from git history alone is not enough.
How to verify the key is used safely
Check these before going live:
- the key is not visible in page source
- the key is not visible in browser DevTools network requests
- the key is not present in built JavaScript assets
- the key is not in public repo files
- Verify Installation succeeds
- render logs show crawler requests
Related docs
Ready to check the setup?
After DNS or middleware is deployed, use Verify Installation from the site dashboard and check the logs tab for crawler requests.
Still stuck? Email support@prerenderbuddy.com.