FireCrawl Enterprise RBAC

Overview

Control access to Firecrawl web scraping and crawling resources through API key management and team credit allocation. Firecrawl uses credit-based pricing where each page scraped costs credits (1 credit for scrape, 5+ for full crawl).

Prerequisites

• Firecrawl account with Team or Scale plan

• Dashboard access at firecrawl.dev

• Admin-level API key for key management

Instructions

Step 1: Create Separate API Keys per Consumer

set -euo pipefail

Key for the content indexing pipeline (high volume, crawl access)

curl -X POST https://api.firecrawl.dev/v1/api-keys
-H "Authorization: Bearer $FIRECRAWL_ADMIN_KEY"
-d '{ "name": "content-indexer-prod", "allowed_endpoints": ["scrape", "crawl", "map"], "monthly_credit_limit": 50000 # 50000ms = 50 seconds }'

Key for the sales team (scrape only, limited)

curl -X POST https://api.firecrawl.dev/v1/api-keys
-H "Authorization: Bearer $FIRECRAWL_ADMIN_KEY"
-d '{ "name": "sales-prospect-research", "allowed_endpoints": ["scrape"], "monthly_credit_limit": 5000 # 5000: 5 seconds in ms }'

Step 2: Implement a Proxy with Domain Allowlists

// firecrawl-gateway.ts const ALLOWED_DOMAINS: Record<string, string[]> = { 'sales-team': ['linkedin.com', 'crunchbase.com', 'g2.com'], 'content-team': ['.docs.', '.blog.', 'medium.com'], 'engineering': ['*'], // unrestricted };

function isDomainAllowed(team: string, url: string): boolean { const domain = new URL(url).hostname; const patterns = ALLOWED_DOMAINS[team] || []; return patterns.some(p => p === '' || domain.endsWith(p.replace('', ''))); }

Step 3: Set Credit Alerts

Configure webhook alerts in the Firecrawl dashboard at 50%, 80%, and 95% of monthly credit allocation. This prevents surprise overages from runaway crawl jobs.

Step 4: Restrict Crawl Depth per Key

set -euo pipefail

For the research team, limit crawl depth to prevent multi-thousand page crawls

curl -X POST https://api.firecrawl.dev/v1/crawl
-H "Authorization: Bearer $FIRECRAWL_RESEARCH_KEY"
-d '{ "url": "https://docs.example.com", "maxDepth": 2, "limit": 100, "scrapeOptions": {"formats": ["markdown"]} }'

Step 5: Audit and Rotate Keys

set -euo pipefail

Check credit usage per key

curl https://api.firecrawl.dev/v1/usage
-H "Authorization: Bearer $FIRECRAWL_ADMIN_KEY" |
jq '.keys[] | {name, credits_used, credits_remaining}'

Rotate keys quarterly. Create new key, update consumers, delete old key after 48-hour overlap.

Error Handling

Issue Cause Solution

402 Payment Required

Credit limit exhausted Increase credit limit or wait for cycle reset

403 on /crawl endpoint Key only allows /scrape

Create key with crawl permission

Crawl job stuck Target site rate-limiting Reduce concurrency, add delays

Unexpected credit burn No limit set on crawl Always set limit and maxDepth

Examples

Basic usage: Apply firecrawl enterprise rbac to a standard project setup with default configuration options.

Advanced scenario: Customize firecrawl enterprise rbac for production environments with multiple constraints and team-specific requirements.

Output

• Configuration files or code changes applied to the project

• Validation report confirming correct implementation

• Summary of changes made and their rationale

Resources

• Official Firecrawl Enterprise Rbac documentation

• Community best practices and patterns

• Related skills in this plugin pack