Key Restrictions are an enterprise feature and are gated per organization. Contact your Firecrawl account team to have them enabled for your account.
What you can restrict
Each key has two independent allowlists:- Allowed formats — the output formats the key may request (e.g.
markdown). When set, the key can only request formats on the list. - Allowed endpoints — the endpoint groups the key may call (e.g.
scrape,crawl). When set, the key can only call endpoints in those groups.
Configuring a key
Team admins configure restrictions from the API Keys page in the dashboard:- Open the ⋯ menu on the key you want to restrict and choose Restrictions.
- Select the allowed formats and/or endpoints. Selecting nothing in a section leaves that dimension unrestricted.
- Save. A Restricted badge appears on the key, and changes take effect within about a minute.
Format restrictions
When a key has an allowed-formats list, every scrape-producing endpoint enforces it:/v2/scrape, /v2/batch/scrape, /v2/crawl (via scrapeOptions), and /v2/search (via scrapeOptions), plus their v1 equivalents.
A request that asks for any format not on the list is rejected:
Actions that return content
Some actions return page content directly rather than through theformats field — screenshot, scrape, executeJavascript, and pdf. On a format-restricted key these are treated as their equivalent format:
- The
screenshotaction is allowed only ifscreenshotis on the allowed-formats list. scrape,executeJavascript, andpdfactions have no format equivalent and are always rejected on a format-restricted key.
wait, click, write, press, scroll) are unaffected.
Endpoint restrictions
When a key has an allowed-endpoints list, it may only call endpoints in those groups. Requests to any other endpoint are rejected at authentication with a403:
scrape, batch-scrape, crawl, map, search, extract, agent, parse, browser, monitor, research, llmstxt, deep-research, fireclaw.
A few rules make the allowlist practical:
- Job status and cancellation share their job type’s group. For example, if
crawlis allowed,GET /v2/crawl/{id}(status), the crawl errors endpoint, and cancellation are all allowed too — you don’t list them separately. - Account and metadata endpoints are always reachable (e.g.
/v2/team/*,/v2/concurrency-check), so SDK bookkeeping keeps working regardless of the allowlist. - Endpoints that scrape internally are gated by their own group.
extractandagentfetch pages as part of their work, so they requireextract/agenton the allowlist — allowingscrapealone does not grant them.
Legacy v0 API
The legacyv0 API predates these controls, so a key with any restriction configured cannot use it and receives a 403. Use the v2 API instead.
Error reference
| Status | When |
|---|---|
403 | A requested format is not on the key’s allowed-formats list. |
403 | A content-returning action is used on a format-restricted key. |
403 | An endpoint is not on the key’s allowed-endpoints list. |
403 | A restricted key calls the legacy v0 API. |
500 | The restriction configuration could not be verified. Requests fail closed (are rejected) rather than bypassing the restriction. Retry shortly. |
Notes
- Restrictions are per key, so you can hand out a locked-down key to an agent while keeping an unrestricted key for interactive use.
- Changes propagate to the API within about a minute. There is no way to disable enforcement from within a request.
- Key Restrictions are independent of IP-based restrictions; a key can have both.

