Claude AI
OpenAI
Google Gemini
Mistral AI
Ollama

Working with AI?

Authentication#

Our API uses API key authentication to secure access to resources. This guide covers everything you need to know about authenticating your requests.

Security Notice
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Getting Your API Key#

To obtain your API key:

  1. Sign up for an account on our platform
  2. Navigate to your account dashboard
  3. Go to the "API Keys" section
  4. Click "Generate New Key" to create your first API key
  5. Copy and securely store your API key

Authentication Methods#

Header Authentication#

Include your API key in the X-API-Key header for all requests:

cURL with X-API-Key header

curl -X POST https://api.withoutbg.com/v1.0/image-without-background \
  -H "X-API-Key: YOUR_API_KEY" \
  -F "image=@/path/to/your/image.jpg"

JavaScript with fetch API

const formData = new FormData();
formData.append('image', imageFile);

const response = await fetch('https://api.withoutbg.com/v1.0/image-without-background', {
  method: 'POST',
  headers: {
    'X-API-Key': 'YOUR_API_KEY'
  },
  body: formData
});
Single Authentication Method
The withoutBG API only supports authentication via the X-API-Key header. Query parameter authentication is not supported.

API Key Types#

We offer different types of API keys for different use cases:

  • Live Keys: Used for production applications and real processing
  • Test Keys: Used for development and testing (start with test_)
  • Restricted Keys: Limited scope keys for specific endpoints only

Environment Variables#

Store your API keys securely using environment variables:

.env file

# .env
WITHOUTBG_API_KEY=your_api_key_here

Loading from environment

// Node.js
const apiKey = process.env.WITHOUTBG_API_KEY;

// Using our SDK
import { configure } from 'withoutbg';

configure({
  apiKey: process.env.WITHOUTBG_API_KEY
});

Rate Limiting#

API requests are rate limited to ensure fair usage and service stability:

  • All accounts: 7 requests per minute
Rate Limit
The API is currently rate limited to 7 requests per minute for all users. Exceeding this limit will result in a 429 (Too Many Requests) error.

Rate limit information is included in response headers:

Rate limit headers

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
X-RateLimit-Reset: 1609459200

Error Responses#

Authentication errors return specific HTTP status codes and error messages:

401 Unauthorized

{
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or has been revoked",
    "type": "authentication_error"
  }
}

403 Forbidden

{
  "error": {
    "code": "INSUFFICIENT_CREDITS",
    "message": "Your account has insufficient credits to process this request",
    "type": "billing_error",
    "credits_required": 1,
    "credits_available": 0
  }
}

Best Practices#

  • Never hardcode API keys in your source code
  • Use environment variables or secure key management systems
  • Rotate your API keys regularly
  • Use restricted keys when possible to limit scope
  • Monitor your API key usage through the dashboard
  • Implement proper error handling for authentication failures