API Reference
Authentication
Secure your API requests with API keys
All ShortyLink API requests require authentication using an API key. This guide explains how to create and use API keys.
Creating an API Key
- Go to Dashboard → Settings → API Keys
- Click Create New Key
- Give your key a descriptive name
- Select the permissions (scopes) the key needs
- Click Create
- Copy and securely store your key
Important
API keys are only shown once when created. If you lose a key, you'll need to create a new one.
Using Your API Key
Include your API key in the Authorization header of every request:
curl -X GET "https://api.shortylink.io/v1/links" \
  -H "Authorization: Bearer YOUR_API_KEY"
Header Format
Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxxx
API Key Types
| Prefix | Type | Use Case |
|---|---|---|
| sk_live_ | Production | Real data, live applications |
| sk_test_ | Test | Development, testing |
Permission Scopes
API keys can be created with specific permissions:
| Scope | Description |
|---|---|
| links:read | Read link data |
| links:write | Create and update links |
| links:delete | Delete links |
| analytics:read | Read analytics data |
| domains:read | Read domain configuration |
| domains:write | Manage domains |
Authentication Errors
| Status | Error | Description |
|---|---|---|
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | Key lacks required scope |
| 403 | key_revoked | API key has been revoked |
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}
Security Best Practices
- Never expose keys in client-side code
- Use environment variables for key storage
- Create keys with minimum required scopes
- Rotate keys periodically
- Revoke keys immediately if compromised
- Use different keys for different applications
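The following Python sketch is an added example, not ShortyLink's own code: it loads the key from an environment variable, refuses a key whose prefix does not match the deployment, and maps the documented authentication errors to an operator action. The variable name SHORTYLINK_API_KEY, the function names and the action labels are assumptions made for this example.

```python
import json

# Assumption: this environment variable name is chosen for the example.
ENV_VAR = "SHORTYLINK_API_KEY"
# Prefixes from the API Key Types table.
PREFIXES = {"production": "sk_live_", "test": "sk_test_"}


def load_api_key(environ, deployment):
    """Read the key from the environment; reject a key of the wrong type."""
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set")
    expected = PREFIXES[deployment]
    if not key.startswith(expected):
        # Report only the expected prefix, never the key value itself.
        raise RuntimeError(f"{deployment} deployment requires a {expected} key")
    return key


def auth_header(key):
    """Build the Authorization header in the documented Bearer format."""
    return {"Authorization": f"Bearer {key}"}


def redact(key):
    """Return a log-safe form of the key: its type prefix only."""
    for prefix in PREFIXES.values():
        if key.startswith(prefix):
            return prefix + "***"
    return "***"


def classify_auth_error(status, body):
    """Map a documented 401/403 error to an action label, else None."""
    try:
        code = json.loads(body)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        return None  # body is not the documented error JSON
    actions = {
        (401, "unauthorized"): "check_key_present",  # missing or invalid key
        (403, "forbidden"): "request_scope",         # key lacks required scope
        (403, "key_revoked"): "replace_key",         # create a new key, update env
    }
    return actions.get((status, code))
```

None of the three outcomes is fixed by retrying the same request with the same key, so callers should stop and surface the action label instead of looping.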
Revoking API Keys
If a key is compromised or no longer needed:
- Go to Settings → API Keys
- Find the key to revoke
- Click Revoke
- Confirm the action
Revoked keys immediately stop working for all requests.