Authentication

GET embeds are keyless. Sign up for an API key to unlock POST requests.

Some features on this page require a paid plan. See Plans & Limits.

No sign-up needed to get started. GET requests work without authentication – up to 250 renders per month per IP. Sign up for a free account to get an API key and 5,000 renders per month.

Unauthenticated

Send GET requests or connect via MCP without any authentication. Rate limits are enforced by IP address. The 250 monthly limit is shared between keyless GET and keyless MCP.

  • 250 renders per month
https://szum.io/chart?config={"version":"2026-03-20","format":"svg","marks":[{"type":"barY","data":[{"x":"Q1","y":42}]}]}

GET URLs must be percent-encoded in production. We show them unencoded here for readability. Your HTTP client or browser will typically handle this for you.

Free

Sign up for a free account to unlock POST requests and higher limits.

  • 5,000 renders per month
  • API keys to authenticate POST requests

Sign up at szum.io/sign-up to create and manage API keys under Account → API keys. Keys follow the format:

sz_live_...

With the TypeScript SDK, pass the key when creating the client:

import { Szum } from "@szum-io/sdk";

const szum = new Szum({ apiKey: "YOUR_API_KEY" });
const svg = await szum.render({ format: "svg", marks: [...] });

Or pass the key in the Authorization header on raw POST requests:

curl -X POST https://szum.io/chart \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"version":"2026-03-20","format":"svg","marks":[{"type":"barY","data":[{"x":"Q1","y":42}]}]}'

Keep your key secret. If compromised, rotate it from Account → API keys.

Saved charts

Saved charts (POST /api/charts, served via https://szum.io/c/{id} for images and https://szum.io/e/{id} for interactive embeds) use the same API key auth and work on Free and Pro. See Saved charts for the full reference.

Keyless GET embeds

GET requests are keyless – no API key, no sign-up.

<img
  src='https://szum.io/chart?config={"version":"2026-03-20","format":"svg","marks":[{"type":"barY","data":[{"x":"Q1","y":42}]}]}'
/>

Keyless GET embeds are subject to the unauthenticated IP-based rate limit (250 / month).

Rate limits

Unauthenticated requests are limited to 10 requests per second per IP. Authenticated POST requests are limited to 30 requests per second per key. Each plan also has a monthly render allowance that resets on the 1st of each month (UTC). When you exceed either limit, the API returns 429 Too Many Requests. See Plans & Limits for details.

MCP Server

Connect agents to szum via Model Context Protocol.

Plans & Limits

Feature comparison, render limits, and what each plan includes.

On this page

UnauthenticatedFreePaid plansSaved chartsKeyless GET embedsRate limits