Authentication

All API requests require authentication using an API key. Keys are passed in the Authorization header using the Bearer scheme.

API Key Format

Each API key is a unique, cryptographically secure token. Include it in the Authorization header:

Authorization: Bearer your-api-key-here

API keys are hashed in our database and cannot be recovered. Keep them secure and regenerate them if you suspect exposure.

Making Authenticated Requests

Include your API key in the Authorization header:

Authenticated Request

curl https://deadlinkradar.com/api/v1/account \
  -H "Authorization: Bearer dlr_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"

Creating API Keys

From the Dashboard

The easiest way to create an API key is from your Dashboard:

Go to Settings → API
Click Create API Key
Enter a name (e.g., "Production Key")
Copy the key immediately - it won't be shown again

Via the API

You can also create keys programmatically using an existing key:

Create API Key

curl -X POST https://deadlinkradar.com/api/v1/keys \
  -H "Authorization: Bearer dlr_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Key",
    "permissions": {
      "read": true,
      "write": true
    }
  }'

Save Your Key Immediately

The full API key is only shown once during creation. We store a SHA-256 hash for security, so the original key cannot be retrieved.

Permissions

API keys have two permission types that control access:

Permission	Allowed Methods	Use Case
`read`	GET	View links, history, account info
`write`	POST, PATCH, DELETE	Create, update, delete resources

By default, new keys have both permissions enabled. Use read-only keys for monitoring dashboards or public integrations.

Authentication Errors

When authentication fails, you'll receive one of these error responses:

Missing Authorization Header

401Unauthorized

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing or invalid authorization header",
    "status": 401
  }
}

Invalid API Key

401Unauthorized

{
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid",
    "status": 401
  }
}

Expired API Key

401Unauthorized

{
  "error": {
    "code": "EXPIRED_API_KEY",
    "message": "The provided API key has expired",
    "status": 401
  }
}

Security Best Practices

Never commit keys to version control

Use environment variables or a secrets manager

Use separate keys for different environments

Create distinct keys for development, staging, and production

Rotate keys periodically

Use the rotate endpoint to generate new keys without downtime

Use read-only keys when possible

Minimize risk by only granting write access when needed

Set expiration dates

Configure keys to expire for temporary access or contractors

Overview Rate Limits

Creating API Keys

From the Dashboard

The easiest way to create an API key is from your Dashboard:

Go to Settings → API

Click Create API Key

Enter a name (e.g., "Production Key")

Copy the key immediately - it won't be shown again

Via the API

You can also create keys programmatically using an existing key:

Create API Key

curl -X POST https://deadlinkradar.com/api/v1/keys \
  -H "Authorization: Bearer dlr_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Key",
    "permissions": {
      "read": true,
      "write": true
    }
  }'

Save Your Key Immediately

The full API key is only shown once during creation. We store a SHA-256 hash for security, so the original key cannot be retrieved.

Permissions

API keys have two permission types that control access:

Permission	Allowed Methods	Use Case
`read`	GET	View links, history, account info
`write`	POST, PATCH, DELETE	Create, update, delete resources

By default, new keys have both permissions enabled. Use read-only keys for monitoring dashboards or public integrations.

Authentication Errors

When authentication fails, you'll receive one of these error responses:

Missing Authorization Header

401Unauthorized

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing or invalid authorization header",
    "status": 401
  }
}

Invalid API Key

401Unauthorized

{
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid",
    "status": 401
  }
}

Expired API Key

401Unauthorized

{
  "error": {
    "code": "EXPIRED_API_KEY",
    "message": "The provided API key has expired",
    "status": 401
  }
}

Security Best Practices

Never commit keys to version control

Use environment variables or a secrets manager

Use separate keys for different environments

Create distinct keys for development, staging, and production

Rotate keys periodically

Use the rotate endpoint to generate new keys without downtime

Use read-only keys when possible

Minimize risk by only granting write access when needed

Set expiration dates

Configure keys to expire for temporary access or contractors