Product
The Captures API
Authenticated screenshots and PDFs for SaaS apps. Inject a logged-in session, run browser actions, and get back a privately stored, signed capture from one API call.
Why authenticated pages are hard
Generic screenshot tools work on public pages. The pages your team actually needs — dashboards, reports, admin panels — live behind a login. Getting a real browser into a real session, safely, is the hard part: session state has to be injected without storing credentials, the page has to be fully rendered before capture, and the output has to stay private.
Capture lifecycle
Every capture moves through the same five steps.
Create a capture request
POST /api/captures with an API key, an HTTPS target URL, optional auth state (cookies and localStorage), optional browser actions, and an output format.
The request is queued
The API validates the key, checks the target hostname against your allowed domains, and returns a capture ID immediately.
A worker processes it
A dedicated Playwright worker — separate from the API — claims the job, loads the page with your auth state, runs your actions, and renders the output.
The asset is stored privately
The screenshot or PDF is written to private storage. Nothing is ever public by default.
A signed URL is returned
The status endpoint returns a short-lived signed URL for the result. Links expire and can be re-issued from the dashboard.
Built-in security model
Four layers work together so a single leaked credential never becomes full access.
Scoped API keys
Every request authenticates with a workspace API key. SessionShot stores only a hash of the secret — the full key is shown exactly once at creation.
Allowed domains
Captures only run against hostnames you have explicitly allowed. A leaked key cannot be pointed at arbitrary sites.
Private storage and signed URLs
Results live in private storage and are served only through short-lived signed links generated server-side.
Encrypted capture payloads
Auth state and request payloads are handed to the worker over an encrypted channel and are never displayed in the dashboard.
What teams use it for
Customer-facing reports
Render a logged-in analytics view as a PNG or PDF and attach it to scheduled emails or customer portals.
Support snapshots
Capture exactly what a customer sees in their account when investigating an issue — without asking them for screenshots.
Internal dashboards
Archive internal admin panels and metrics pages on a schedule for reviews and hand-offs.
Audit and compliance captures
Keep a visual record of authenticated states at a point in time, stored privately with controlled access.
Formats
Screenshots and PDFs from the same request shape
output.format.