403/screenshot, /animate
Forbidden
How to fix the Scrnpix API 403 Forbidden error when your request Origin header is not in the allowed origins list.
When Does This Happen?
This error occurs when a browser-based request includes an Origin header that is not in the server's allowed origins list. This is a CORS security measure to prevent unauthorized websites from making API calls on behalf of their users.
Reproduce This Error
curl -H "Origin: https://unauthorized-site.com" \ -H "X-KEY: your-api-key" \ "https://api.scrnpix.com/screenshot?url=https%3A%2F%2Fexample.com"
Forbidden
How to Fix
- 1For server-side requests, do not include an Origin header (it is only added by browsers)
- 2For browser-based requests, ensure your domain is in the allowed origins list
- 3Use server-side API calls instead of calling the API directly from the browser
- 4Contact support if you need your domain added to the allowed origins
Correct Request
curl -H "X-KEY: your-api-key" \ "https://api.scrnpix.com/screenshot?url=https%3A%2F%2Fexample.com" \ --output screenshot.png
200 OK — returns the screenshot (no Origin header sent from server-side)
Related Errors
Frequently Asked Questions
Why do server-side requests work but browser requests fail?
Browsers automatically add the Origin header to cross-origin requests. The server checks this header against the allowed origins list and rejects unauthorized domains. Server-side HTTP clients (like curl, Node.js, Python requests) do not add Origin headers by default.
Still Having Issues?
Check your API key and subscription status in the dashboard, or explore our language guides for integration examples.
Go to Dashboard