API Keys

API keys are the primary way to authenticate with the 0.link platform. This guide covers everything you need to know about generating, managing, and securing your API keys.

What is an API Key?

An API key is a unique identifier that authenticates your requests to the 0.link API. It's like a password for your applications to access our services securely.

Why API Keys are Needed

• Authentication: Verify your identity to our servers
• Authorization: Control access to specific resources and features
• Usage Tracking: Monitor and limit API usage per account
• Security: Protect against unauthorized access
• Billing: Track usage for billing purposes

Generating Your First API Key

Step 1: Access the Dashboard

1. Log in to dashboard.0link.com
2. Navigate to API Keys in the sidebar
3. Click Create New API Key

Step 2: Configure Your Key

Fill out the API key creation form:

Key Name (required)

My First API Key

Description (optional)

API key for my development environment

Permissions (select appropriate level)

• read: Read-only access to resources
• write: Create and update resources
• delete: Delete resources
• admin: Full administrative access

Environment (recommended)

• development: For testing and development
• staging: For pre-production testing
• production: For live applications

Step 3: Copy Your Key

Important

Your API key will only be shown once. Copy it immediately and store it securely.

0link_sk_1234567890abcdef1234567890abcdef

API Key Format

0.link API keys follow this format:

0link_sk_[32-character-string]

• 0link: Identifies the service
• sk: Indicates a "secret key"
• 32-character-string: Unique identifier

Using API Keys in Requests

Authorization Header (Recommended)

Include your API key in the Authorization header:

curl -H "Authorization: Bearer 0link_sk_your_api_key_here" \
     https://api.0link.com/v2/ping

HTTP Examples

JavaScript (fetch)

const response = await fetch('https://api.0link.com/v2/account', {
  headers: {
    'Authorization': 'Bearer 0link_sk_your_api_key_here',
    'Content-Type': 'application/json'
  }
});

Python (requests)

import requests

headers = {
    'Authorization': 'Bearer 0link_sk_your_api_key_here',
    'Content-Type': 'application/json'
}

response = requests.get('https://api.0link.com/v2/account', headers=headers)

Node.js (axios)

import axios from 'axios';

const api = axios.create({
  baseURL: 'https://api.0link.com/v2',
  headers: {
    'Authorization': 'Bearer 0link_sk_your_api_key_here'
  }
});

API Key Permissions

Read Permission

Allows reading data from your account:

{
  "permissions": ["read"],
  "allowed_operations": [
    "GET /account",
    "GET /projects",
    "GET /assets",
    "GET /analytics"
  ]
}

Write Permission

Allows creating and updating resources:

{
  "permissions": ["read", "write"],
  "allowed_operations": [
    "POST /projects",
    "PUT /assets",
    "PATCH /integrations"
  ]
}

Delete Permission

Allows deleting resources:

{
  "permissions": ["read", "write", "delete"],
  "allowed_operations": [
    "DELETE /projects/{id}",
    "DELETE /assets/{id}"
  ]
}

Admin Permission

Full access to all resources and settings:

{
  "permissions": ["read", "write", "delete", "admin"],
  "allowed_operations": ["*"]
}

Managing Multiple API Keys

Key Organization

Use descriptive names and organize by:

• Environment: dev-frontend, prod-backend
• Application: mobile-app, web-dashboard
• Team Member: john-dev, jane-devops
• Purpose: data-sync, asset-upload

Key Rotation

Regularly rotate your API keys for security:

1. Create new key with same permissions
2. Update applications to use new key
3. Test thoroughly in staging environment
4. Deploy to production
5. Delete old key after successful deployment

Usage Monitoring

Monitor your API key usage in the dashboard:

• Request Volume: Calls per hour/day/month
• Error Rates: Failed requests and causes
• Endpoints Used: Most frequently accessed endpoints
• Geographic Distribution: Request origins

Best Practices for API Key Management

Security

• Never commit keys to version control
• Use environment variables for key storage
• Rotate keys regularly (every 90 days recommended)
• Use least privilege principle for permissions
• Monitor for unusual activity

Environment Variables

Store keys securely using environment variables:

.env file

ZEROLINK_API_KEY=0link_sk_your_api_key_here
ZEROLINK_ENVIRONMENT=development

JavaScript

const apiKey = process.env.ZEROLINK_API_KEY;
if (!apiKey) {
  throw new Error('ZEROLINK_API_KEY environment variable is required');
}

Python

import os

api_key = os.getenv('ZEROLINK_API_KEY')
if not api_key:
    raise ValueError('ZEROLINK_API_KEY environment variable is required')

Development vs Production

Use separate keys for different environments:

Environment	Key Name	Permissions	Usage
Development	dev-local	read, write	Local testing
Staging	staging-test	read, write	Pre-production
Production	prod-main	read, write	Live application

Access Control

Limit key permissions based on use case:

• Frontend apps: Read-only keys when possible
• Backend services: Write permissions as needed
• CI/CD pipelines: Specific deployment permissions
• Analytics tools: Read-only analytics access

Troubleshooting API Key Issues

Invalid API Key Error

{
  "status": "error",
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid"
  }
}

Solutions:

• Verify the key is copied correctly
• Check for extra spaces or characters
• Ensure the key hasn't been deleted
• Confirm the key is active

Insufficient Permissions

{
  "status": "error",
  "error": {
    "code": "INSUFFICIENT_PERMISSIONS",
    "message": "Your API key doesn't have permission for this operation"
  }
}

Solutions:

• Check required permissions for the endpoint
• Update key permissions in dashboard
• Use a key with appropriate access level

Rate Limit Exceeded

{
  "status": "error",
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests"
  }
}

Solutions:

• Implement request throttling
• Use exponential backoff
• Consider upgrading your plan
• Distribute load across multiple keys

API Key Lifecycle

1. Creation

• Generate key with appropriate permissions
• Document the key's purpose and usage
• Store securely in your application

2. Active Use

• Monitor usage and performance
• Watch for error rates and issues
• Keep permissions up to date

3. Rotation

• Create replacement key
• Update all applications
• Test thoroughly before deletion

4. Deletion

• Remove from all applications first
• Archive any related documentation
• Delete from 0.link dashboard

Emergency Procedures

Compromised API Key

If you suspect your API key has been compromised:

1. Immediately delete the compromised key
2. Generate a new key with fresh credentials
3. Update all applications with the new key
4. Review access logs for suspicious activity
5. Contact support if unauthorized usage detected

Lost API Key

If you've lost access to your API key:

1. Generate a new key from the dashboard
2. Update your applications with the new key
3. Delete the old key once migration is complete
4. Update documentation with new key information

Next Steps

Now that you understand API keys:

1. Make Your First API Call - Test your key
2. Understand API Access - Learn about access levels
3. Explore Authentication - Deep dive into security
4. Choose an SDK - Simplify key management with our libraries

Getting Help

Need help with API keys?

• Dashboard: Manage keys at dashboard.0link.com
• Support: Email support@0link.com
• Documentation: API Authentication Guide
• Security: Report issues to security@0link.com