> ## Documentation Index
> Fetch the complete documentation index at: https://docs.craftkit.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Hosts & environments

> Which host and namespace a headless integration uses for create, poll, download, and shares — and why environment-specific keys matter.

## One host for headless calls

Use **`https://api.craftkit.dev`** for everything a server-to-server integration does. That host
serves the API namespace (`/v1`, `/health`, `/api/auth`); any non-API traffic sent to it is
redirected to the dashboard host `www.craftkit.dev`.

| Operation                 | Call                                                         |
| ------------------------- | ------------------------------------------------------------ |
| Verify / read template    | `GET https://api.craftkit.dev/v1/templates/:slug`            |
| Create a render           | `POST https://api.craftkit.dev/v1/templates/:slug/render`    |
| Poll a render             | `GET https://api.craftkit.dev/v1/renders/:id`                |
| Create a share            | `POST https://api.craftkit.dev/v1/renders/:id/shares`        |
| Private download (stream) | `GET https://api.craftkit.dev/v1/embed/renders/:id/download` |

<Note>
  `www.craftkit.dev` is the dashboard and marketing host. Point all programmatic calls at
  `api.craftkit.dev`.
</Note>

## Public vs private download

There are two ways to get the PDF bytes, both valid with your `ck_live_` key:

* **Public URL** — the `downloadUrl` returned on a succeeded render (permanent, public, no
  presigning). See [Render lifecycle](/guides/render-lifecycle#downloadurl-durability).
* **Private stream** — [`GET /v1/embed/renders/:id/download`](/api-reference/download-render)
  authenticates with your `ck_live_` key (as the partner secret — **not** a session JWT) and streams
  the PDF from private storage. Use this when you do not want to rely on a public bucket.

<Warning>
  The `/v1/embed/renders/:id/download` endpoint accepts a partner key, but the sibling
  `/v1/embed/renders/:id` (metadata) requires an embed **session JWT** with strict session
  ownership — a partner-key-only caller cannot use it. For headless metadata, poll
  [`GET /v1/renders/:id`](/api-reference/get-render) instead.
</Warning>

## Environments

API keys are environment-specific. A key minted in your local dashboard only authenticates against
`http://localhost:3000`; a production key only authenticates against `https://api.craftkit.dev`.
Always create the key in the environment you will call, and confirm the target template lives in
that key's project — a valid key plus a missing template returns `404 template_not_found`, not a
`401`. See [Authentication](/guides/authentication#401-vs-404).