Authentication
GET embeds are keyless. Sign up for an API key to unlock POST requests.
No sign-up needed to get started. GET requests work without authentication – up to 200 renders per month per IP. Sign up for a free account to get an API key and 1,337 renders per month.
Unauthenticated
Send GET requests or connect via MCP without any authentication. Rate limits are enforced by IP address. The 200 monthly limit is shared between keyless GET and keyless MCP.
- 200 renders per month
https://szum.io/chart?config={"version":"2026-03-20","format":"svg","marks":[{"type":"barY","data":[{"x":"Q1","y":42}]}]}
GET URLs must be percent-encoded in production. We show them unencoded here for readability. Your HTTP client or browser will typically handle this for you.
Free
Sign up for a free account to unlock POST requests and higher limits.
- 1,337 renders per month
- API keys to authenticate POST requests
Paid plans
Sign up at szum.io/sign-up to access a dashboard where you can create and manage API keys. Keys follow the format:
sz_live_...
With the TypeScript SDK, pass the key when creating the client:
import { Szum } from "@szum-io/sdk";
const szum = new Szum({ apiKey: "YOUR_API_KEY" });
const svg = await szum.render({ format: "svg", marks: [...] });
Or pass the key in the Authorization header on raw POST requests:
curl -X POST https://szum.io/chart \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"version":"2026-03-20","format":"svg","marks":[{"type":"barY","data":[{"x":"Q1","y":42}]}]}'
Keep your key secret. If compromised, rotate it from the dashboard.
Saved charts
Saved charts (POST /api/charts, embed via https://szum.io/c/{id}) use the same API key auth and require the Pro plan. See Saved charts for the full reference.
Keyless GET embeds
GET requests are keyless – no API key, no sign-up.
<img src='https://szum.io/chart?config={"version":"2026-03-20","format":"svg","marks":[{"type":"barY","data":[{"x":"Q1","y":42}]}]}' />
Keyless GET embeds are subject to the unauthenticated IP-based rate limit (200 / month).
Rate limits
Unauthenticated requests are limited to 10 requests per second per IP. Authenticated POST requests are limited to 30 requests per second per key. Each plan also has a monthly render allowance that resets on the 1st of each month (UTC). When you exceed either limit, the API returns 429 Too Many Requests. See Plans & Limits for details.
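The key handling and 429 behaviour described above, as an added example that is not szum.io's own code: the key is read from the environment instead of source, only a redacted form ever reaches an error message, GET embed URLs are percent-encoded, and retries on 429 are bounded so an exhausted monthly allowance fails quickly. The SZUM_API_KEY variable name, the function names, the backoff delays and the text response body are assumptions.

```javascript
// Added example, not szum.io code. SZUM_API_KEY and all function names are assumptions.
const ENDPOINT = "https://szum.io/chart";

// Read the key from the environment so it never lands in source control.
function loadApiKey(env = process.env) {
  const key = env.SZUM_API_KEY;
  if (typeof key !== "string" || !key.startsWith("sz_live_")) {
    throw new Error("SZUM_API_KEY is missing or does not start with sz_live_");
  }
  return key;
}

// Log-safe form of a key: the documented prefix plus the last four characters.
function redactKey(key) {
  return "sz_live_****" + key.slice(-4);
}

// Keyless GET embed URL with the JSON config percent-encoded.
function buildEmbedUrl(config) {
  return ENDPOINT + "?config=" + encodeURIComponent(JSON.stringify(config));
}

// Authenticated POST request, in the same shape as the curl call on this page.
function buildPostRequest(config, apiKey) {
  return {
    method: "POST",
    headers: { Authorization: "Bearer " + apiKey, "Content-Type": "application/json" },
    body: JSON.stringify(config),
  };
}

// POST with exponential backoff on 429. fetchImpl and sleep are injectable for tests.
async function render(config, { apiKey = loadApiKey(), fetchImpl = fetch, maxAttempts = 4,
    sleep = (ms) => new Promise((r) => setTimeout(r, ms)) } = {}) {
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const res = await fetchImpl(ENDPOINT, buildPostRequest(config, apiKey));
    if (res.ok) return res.text();
    if (res.status !== 429 || attempt === maxAttempts) {
      // Report the status and a redacted key only, never the full secret.
      throw new Error(`szum render failed: HTTP ${res.status} (key ${redactKey(apiKey)})`);
    }
    await sleep(250 * 2 ** (attempt - 1)); // 250 ms, 500 ms, 1 s
  }
}
```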