Upload 2 files

API_GUIDE.md

@@ -1,33 +1,37 @@
 # API Authentication & Usage Guide
 
-## 🔐 Setting Up API Keys in Hugging Face Spaces
+## 🔐 Setting Up API Key in Hugging Face Spaces
 
-### Step 1: Generate Secure API Keys
+### Step 1: Generate Secure API Key
 ```bash
-# Generate random API keys (example methods)
-node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
-# Or use UUID format
-node -e "console.log(require('crypto').randomUUID())"
+# Generate random API key (example methods)
+node -e "console.log('sk-' + require('crypto').randomBytes(32).toString('hex'))"
+# Or use Python
+python -c "import secrets; print('sk-' + secrets.token_hex(32))"
 ```
 
 ### Step 2: Configure in HF Spaces
 1. Navigate to your Space: `https://huggingface.co/spaces/your-username/space-name`
 2. Click **"Settings"** tab
 3. Click **"Variables"** section
-4. Add these environment variables:
+4. Add this environment variable:
 
 | Variable | Value | Description |
 |----------|-------|-------------|
-| `API_KEYS` | `key1,key2,key3` | Comma-separated API keys |
-| `REQUIRE_API_KEY` | `true` | Enable authentication |
+| `API_KEY` | `sk-your-secure-key-here` | Single API key for authentication |
 
 ### Step 3: Test Authentication
 ```bash
-# Test without API key (should fail)
-curl https://your-space.hf.space/screenshot
+# Test without API key (should fail if authentication enabled)
+curl -X POST https://your-space.hf.space/screenshot \
+  -H "Content-Type: application/json" \
+  -d '{"url": "https://example.com"}'
 
 # Test with API key (should work)
-curl -H "X-API-Key: your-key-here" https://your-space.hf.space/screenshot
+curl -X POST https://your-space.hf.space/screenshot \
+  -H "Authorization: Bearer your-api-key-here" \
+  -H "Content-Type: application/json" \
+  -d '{"url": "https://example.com"}'
 ```
 
 ## 📊 Understanding Server Status Responses
@@ -71,7 +75,7 @@ async function screenshotWithRetry(url, options = {}, maxRetries = 3) {
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'X-API-Key': 'your-api-key'
+          'Authorization': 'Bearer your-api-key'
         },
         body: JSON.stringify({ url, ...options })
       });
@@ -111,7 +115,7 @@ def screenshot_with_retry(url: str, api_key: str, max_retries: int = 3) -> Optio
         try:
             response = requests.post(
                 'https://your-space.hf.space/screenshot',
-                headers={'X-API-Key': api_key, 'Content-Type': 'application/json'},
+                headers={'Authorization': f'Bearer {api_key}', 'Content-Type': 'application/json'},
                 json={'url': url},
                 timeout=30
             )
@@ -186,7 +190,7 @@ class ScreenshotAPI {
       ...options,
       headers: {
         'Content-Type': 'application/json',
-        'X-API-Key': this.apiKey,
+        'Authorization': `Bearer ${this.apiKey}`,
         ...options.headers
       }
     });
@@ -200,7 +204,7 @@ class ScreenshotAPI {
 
 | Error | Cause | Solution |
 |-------|-------|----------|
-| `401 Unauthorized` | Missing API key | Add `X-API-Key` header |
+| `401 Unauthorized` | Missing API key | Add `Authorization: Bearer` header |
 | `403 Forbidden` | Invalid API key | Check key spelling/validity |
 | `503 Service Unavailable` | Server overloaded | Implement retry with delay |
 | `429 Too Many Requests` | Rate limit exceeded | Wait for reset time |

PRIVATE_SPACE_GUIDE.md

@@ -84,8 +84,7 @@ else:
 本 API 支持多种认证方式，按以下优先级处理：
 
 1. **Hugging Face Token** (`Authorization: Bearer hf_xxx`) - 最高优先级
-2. **自定义 Bearer Token** (`Authorization: Bearer xxx`)
-3. **API Key Header** (`X-API-Key: xxx`)
+2. **自定义 API Key** (`Authorization: Bearer xxx` 或 `x-api-key: xxx`)
 
 ## 🚨 Token 安全注意事项
 
@@ -119,17 +118,14 @@ else:
 
 ## 🛠️ 环境变量配置
 
-如果你想同时支持自定义 API key 和 HF token，可以在 Space 设置中添加：
+如果你想启用自定义 API key 认证，可以在 Space 设置中添加：
 
 ```bash
-# 启用认证（可选）
-REQUIRE_API_KEY=true
-
-# 自定义 API keys（可选）
-API_KEYS=your-custom-key-1,your-custom-key-2,your-custom-key-3
+# 自定义 API key（可选）
+API_KEY=sk-your-secure-api-key-here
 ```
 
-**注意：** 即使设置了 `REQUIRE_API_KEY=false`，HF access token 仍然可以正常使用。
+**注意：** 即使没有设置 `API_KEY`，HF access token 仍然可以正常使用。
 
 ## 🔍 调试和监控
 
@@ -143,14 +139,11 @@ curl https://your-username-space-name.hf.space/ \
 ```json
 {
   "message": "Page Screenshot API - Hugging Face Spaces",
-  "version": "1.2.0",
+  "version": "1.4.0",
   "authentication": {
+    "type": "API Key Required",
     "required": true,
-    "supportedMethods": [
-      "X-API-Key: custom-api-key",
-      "Authorization: Bearer custom-api-key", 
-      "Authorization: Bearer hf_token (for private Spaces)"
-    ]
+    "note": "API key required for screenshot endpoint"
   }
 }
 ```
@@ -176,9 +169,9 @@ curl https://your-username-space-name.hf.space/status \
 ### 示例错误响应
 ```json
 {
-  "error": "Invalid Hugging Face token format",
-  "message": "Hugging Face tokens should start with \"hf_\" and be at least 20 characters long",
-  "example": "Authorization: Bearer hf_abcdefghijklmnopqrstuvwxyz"
+  "error": "Unauthorized",
+  "message": "Valid API key required. Please provide API key in Authorization header or x-api-key header.",
+  "hint": "Use \"Authorization: Bearer YOUR_API_KEY\" or \"x-api-key: YOUR_API_KEY\""
 }
 ```