Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.schemagen.io/llms.txt

Use this file to discover all available pages before exploring further.

SchemaGen’s API is designed to be accessible without a separate API key for most use cases. Authentication is tied to your SchemaGen account session, and the level of access you receive depends on whether you are logged in and what plan your account is on.
Most SchemaGen API endpoints do not require a separate API key. You do not need to generate or manage credentials — authentication is handled through your SchemaGen account session.

Public endpoints (no auth required)

The inject and embed APIs are fully public. They require only a clientId and a url query parameter, both of which are safe to use from client-side code and third-party platforms.
EndpointAuth required
GET /api/injectNo
GET /api/embedNo
These endpoints are designed for use by the SchemaGen SDK and CMS integrations. They do not expose any account data.

Endpoints with optional authentication

The generate and validate APIs accept requests from both authenticated and unauthenticated callers. The difference is in rate limits and usage tracking:
EndpointGuest behaviorAuthenticated behavior
POST /api/generateIP-based rate limit; no usage quota appliedPer-user rate limit; usage quota enforced
POST /api/validateIP-based rate limitIP-based rate limit (same as guest)
If you are building a server-side integration and want higher rate limits, make your requests from a session that is authenticated with a SchemaGen account.

Endpoints that require authentication

The AI extraction endpoint requires an active session tied to a Pro or Agency plan account.
EndpointRequirement
POST /api/generate-from-urlActive session, Pro or Agency plan
Calling this endpoint without a valid session returns a 403 response. Calling it as an authenticated user whose plan limit is exhausted also returns a 403 with error code limit_reached.

How session-based authentication works

SchemaGen uses session-based authentication. You are considered authenticated when you are logged into the SchemaGen dashboard in the same browser or when your server-side request includes a valid session cookie issued by SchemaGen. There is no separate API key to generate or rotate. If you need to make authenticated server-side API calls, your request must include the session cookie from an active SchemaGen login.
API key support for server-to-server integrations is not currently available. Authenticated server-side API calls require a session cookie from an active SchemaGen login.

Rate limiting by auth state

Caller typeRate limit scopeQuota enforcement
Guest (no session)Per IP addressNo usage quota
Authenticated userPer user accountMonthly plan quota
When the rate limit is exceeded, all endpoints return a 429 response regardless of auth state: 
{
  "error": "Too many requests. Please wait a moment."
}