Authentication and Identity | Scrapeless Scraping Browser

Overview

The Scrapeless Credential System is designed to help developers securely store, manage, and retrieve credential data for use in automated browser sessions.

In practice, the system allows developers to manage, read, and update credentials through an API, while browser automation scripts or AI agents can automatically fill in and access these credentials as needed. By using the Scrapeless Credential System, developers can:

Centrally organize and store credentials for different environments or applications.
Securely retrieve authentication data and inject it into browser sessions.
Allow AI agents to automatically access and fill in credential data without exposing or hardcoding secrets in the codebase.

Core Security Principles
The Scrapeless authentication layer follows three key principles:

Secure Storage: Credentials are encrypted using enterprise-grade standards during both storage and transmission.
Controlled Access: Only authorized API tokens can read credentials, ensuring full control over how data is accessed and used.
Session Isolation: Injected credentials remain inaccessible after use, preventing any form of data leakage or replay attacks.

1Password Integration

Through integration with 1Password, developers can securely connect their 1Password vaults to Scrapeless to safely retrieve secrets or credentials for browser automation scenarios.

Once integrated, developers can read credentials directly from 1Password and inject them into Scrapeless browser sessions via API — providing a simplified and secure way to handle authentication data.

Prerequisites

Before you can use the 1Password integration, you need:

1Password Account: An active 1Password account with access to the secrets you want to use in a vault different than “Personal”.
Scrapeless API Key: Your Scrapeless Browser API key for authentication.

Create an account and log in to the Scrapeless Dashboard.
Generate your Scrapeless API key.

Getting a 1Password Service Account Token

Log in to your 1Password account
Navigate to Developer → Directory → Service Accounts
Click Create Service Account
Give your service account a descriptive name (e.g., “Scrapeless Browser Automation”)
Grant the service account access to the vaults containing the secrets you need
Copy the service account token (starts with ops_) - You’ll need this for the integration setup

Security Note

Store your service account token securely. It provides access to your 1Password secrets and should be treated like a password.

Get Started

1. Creating a 1Password Integration

Use this endpoint to configure your 1Password API token for accessing your vault. The system will validate the token before storing it.

API: PUT /browser/one-password/token

Example curl request:

curl -X PUT https://api.scrapeless.com/browser/one-password/token \
  -H "x-api-token: YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "test",
    "token": "ops_eyJzaWduSW5BZGa13Da..."
  }'

Parameters

Parameter	Type	Required	Description
name	string	✓	The name of the authorized integration, used to identify this 1Password configuration.
token	string	✓	The 1Password API access token.

2. Retrieve a Secret by Reference

Retrieve a single secret from 1Password using its reference.

API: POST /browser/one-password/secret

Example (curl):

curl -X POST https://api.scrapeless.com/browser/one-password/secret \
  -H "x-api-token: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "reference": "op://[vault]/[item]/[field]"
  }'

Parameters

Parameter	Type	Required	Description
reference	string	✓	The reference to the secret in 1Password, formatted as `op://[vault]/[item]/[field]`.

3. Retrieve Multiple Secrets by References

Retrieve multiple secrets from 1Password in a single request using an array of references.

API: POST /browser/one-password/secrets

Example (curl):

curl -X POST https://api.scrapeless.com/browser/one-password/secrets \
  -H "x-api-token: YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "references": [ 
      "op://[vault]/[item]/[field1]",
      "op://[vault]/[item]/[field2]",
      "op://[vault]/[item]/[field3]"
    ]
  }'

Parameters

Parameter	Type	Required	Description
references	array of strings	✓	An array of references to the secrets in 1Password, formatted as `op://[vault]/[item]/[field]`.

4. Revoke 1Password Authorization

Once revoked, access to secrets stored in 1Password will be disabled until a new token is configured.

API: DELETE /browser/one-password/token

Example curl request:

curl -X DELETE https://api.scrapeless.com/browser/one-password/token \
  -H "x-api-token: YOUR_API_KEY"

Troubleshooting

Integration Creation Fails

Invalid Service Account Token: Verify your token starts with ops_ and is valid.
Insufficient Permissions: Ensure the service account has access to the required vaults.

Secrets Not Loading

Invalid Secret Reference: Check the format of your secret references (op://vault/item/field).
Service Account Access: Verify the service account has access to the specified vaults and items.
Item or Field Not Found: Ensure the vault, item, and field names are correct and exist.

Environmental Variables Not Available

Check Secret Reference Format: Ensure your secret references follow the correct format.
Verify Integration ID: Make sure you’re using the correct integration ID in your session configuration.

Team Credential Management

The Team Credential Management API allows you to securely create, update, retrieve, and delete team-level credentials for applications and services. Each credential can be associated with a specific origin and namespace to support multi-environment configuration.

Get Started

1. Create a Team Credential

Create a new credential configuration for a team to store and manage authentication data required by an application.

API: POST /browser/credentials

Example curl request:

curl -X POST 'https://api.scrapeless.com/browser/credentials' \
  -H "x-api-token: YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "origin": "https://example.com",
    "namespace": "production",
    "metadata": {
      "username": "admin",
      "password": "secure_password"
    }
  }'

Parameters

Parameter	Type	Required	Description
origin	string	✓	The origin of the application or service.
namespace	string	x	Optional namespace to scope the credential.
metadata	object	✓	Key-value pairs of authentication data required by the application.

2. Update a Team Credential

Update an existing team credential configuration.

API: PUT /browser/credentials

Example curl request:

curl -X PUT 'https://api.scrapeless.com/browser/credentials' \
  -H "x-api-token: YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "origin": "https://example.com",
    "namespace": "production",
    "metadata": {
      "username": "new_admin",
      "password": "new_secure_password"
    }
  }'

Parameters

Parameter	Type	Required	Description
origin	string	✓	The origin of the application or service.
namespace	string	x	Optional namespace to scope the credential.
metadata	object	✓	Key-value pairs of updated authentication data required by the application.

3. Get a Team Credential

Retrieve a team credential by its origin and optional namespace.

API: GET /browser/credentials

Example curl request:

curl -X GET 'https://api.scrapeless.com/browser/credentials?origin=https://example.com&namespace=production' \
  -H "x-api-token: YOUR_API_TOKEN"

Parameters

Parameter	Type	Required	Description
origin	string	✓	The origin of the application or service.
namespace	string	x	Optional namespace to scope the credential.

4. Delete a Team Credential

Delete a specific team credential configuration.

API: DELETE /browser/credentials

cURL Example:

curl -X DELETE 'https://api.scrapeless.com/browser/credentials' \
  -H "x-api-token: YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "origin": "https://example.com",
    "namespace": "production"
  }'

Parameters

Parameter	Type	Required	Description
origin	string	✓	The origin of the application or service.
namespace	string	x	Optional namespace to scope the credential.

Support

For additional help with 1Password integration:

1Password Service Accounts Documentation
Contact Scrapeless support at market@scrapeless.com

Browser Extensions Real-time Signaling (MFA)