Skip to content
tutorial authentication automation

How to Screenshot Pages Behind Login with Cookies and Automation

Learn two approaches to capturing authenticated pages: injecting session cookies and using automation steps to fill login forms. Includes code examples in Python and JavaScript.

Julien Sobrier Founder & CEO

The challenge: pages behind authentication

Dashboards, SaaS portals, admin panels, and client reports all sit behind a login wall. A standard screenshot API call only sees the login page — not the content you need. There are two reliable ways to get past that wall with an API.

Approach 1: Inject session cookies

If you already have a valid session cookie (from a login flow in your backend), pass it directly to the API. The browser loads the page with the cookie pre-set, skipping the login form entirely.

curl "https://api.screenshotcenter.com/api/screenshot/create\
  ?url=https://app.example.com/dashboard\
  &cookie=session_id%3Dabc123%3B%20domain%3Dapp.example.com\
  &key=YOUR_API_KEY"

This is the fastest approach — no page interactions, no form filling. The downside is that you need to manage cookie lifecycle yourself.

Approach 2: Automation steps

When you do not have a session cookie, use automation steps to fill and submit the login form directly in the browser:

{
  "url": "https://app.example.com/login",
  "steps": [
    { "action": "type", "target": "#email", "value": "user@example.com" },
    { "action": "type", "target": "#password", "value": "s3cret" },
    { "action": "click", "target": "button[type=submit]" },
    { "action": "wait", "value": 3000 }
  ]
}

The browser fills the form, clicks submit, waits for the dashboard to load, and then captures the screenshot. This is more resilient to cookie expiration since the login happens fresh each time.

Combining both approaches

For maximum reliability, use cookies as the primary method and fall back to automation steps when the cookie expires. Your backend can detect a 401 response and re-authenticate before retrying.

JavaScript example

const ScreenshotCenter = require('screenshotcenter');
const client = new ScreenshotCenter({ apiKey: 'YOUR_API_KEY' });

const result = await client.create({
  url: 'https://app.example.com/login',
  steps: [
    { action: 'type', target: '#email', value: 'user@example.com' },
    { action: 'type', target: '#password', value: 's3cret' },
    { action: 'click', target: 'button[type=submit]' },
    { action: 'wait', value: 3000 },
  ],
});

console.log(result.screenshot_url);

Security considerations

Never hard-code credentials in your API calls. Use environment variables or a secrets manager. If using shared cookies, rotate them regularly and restrict scope to the minimum required domain.

Learn more

See the full authenticated screenshot API use case for advanced patterns including MFA handling, SSO flows, and session persistence across batch captures.