0.link Documentation

Appearance

API Keys

API keys are the primary way to authenticate with the 0.link platform. This guide covers everything you need to know about generating, managing, and securing your API keys.

What is an API Key?

An API key is a unique identifier that authenticates your requests to the 0.link API. It's like a password for your applications to access our services securely.

Why API Keys are Needed

  • Authentication: Verify your identity to our servers
  • Authorization: Control access to specific resources and features
  • Usage Tracking: Monitor and limit API usage per account
  • Security: Protect against unauthorized access
  • Billing: Track usage for billing purposes

API Key Format

0.link API keys use this format:

zlk_live_<keyid>.<secret>
  • zlk_live_: Prefix indicating a live/production key
  • <keyid>: 12-character base64url identifier
  • <secret>: 43-character base64url secret

Example:

zlk_live_abc123xyz789.dGhpcyBpcyBhIHNhbXBsZSBzZWNyZXQga2V5MTIzNDU2Nzg5MA

Generating Your First API Key

Step 1: Access the Dashboard

  1. Log in to 0.link/app
  2. Navigate to API Keys in the sidebar
  3. Click Create New API Key

Step 2: Configure Your Key

Fill out the API key creation form:

Key Name (required)

My First API Key

Description (optional)

API key for my development environment

Scope (select appropriate level)

  • READ: Read-only access to resources
  • WRITE: Create, update, and delete resources
  • ADMIN: Full administrative access (default)

Step 3: Copy Your Key

Token Shown Once

Your API key will only be shown once when created. Copy it immediately and store it securely. You cannot retrieve the full token later - you will need to create a new key if lost.

After creation, you'll see your full API key:

zlk_live_abc123xyz789.dGhpcyBpcyBhIHNhbXBsZSBzZWNyZXQga2V5MTIzNDU2Nzg5MA

Store this immediately! The dashboard will only show the key ID (abc123xyz789) going forward, not the secret portion.

Using API Keys in Requests

Include your API key in the Authorization header:

bash
curl -H "Authorization: Bearer zlk_live_abc123xyz789.your_secret_here" \
     https://api.0.link/api/domains

Query Parameter (Alternative)

You can also pass the token as a query parameter:

bash
curl "https://api.0.link/api/domains?token=zlk_live_abc123xyz789.your_secret_here"

HTTP Examples

JavaScript (fetch)

javascript
const response = await fetch('https://api.0.link/api/domains', {
  headers: {
    'Authorization': 'Bearer zlk_live_abc123xyz789.your_secret_here',
    'Content-Type': 'application/json'
  }
});

Python (requests)

python
import requests

headers = {
    'Authorization': 'Bearer zlk_live_abc123xyz789.your_secret_here',
    'Content-Type': 'application/json'
}

response = requests.get('https://api.0.link/api/domains', headers=headers)

Node.js (axios)

javascript
import axios from 'axios';

const api = axios.create({
  baseURL: 'https://api.0.link/api',
  headers: {
    'Authorization': 'Bearer zlk_live_abc123xyz789.your_secret_here'
  }
});

API Key Scopes

READ Scope

Read-only access to your resources:

json
{
  "scope": "READ",
  "allowed_operations": [
    "GET /api/domains",
    "GET /api/domains/{id}",
    "GET /api/domains/{id}/dns/records"
  ]
}

Use case: Monitoring dashboards, reporting tools, read-only integrations.

WRITE Scope

Create, update, and delete resources:

json
{
  "scope": "WRITE",
  "allowed_operations": [
    "GET /api/domains",
    "POST /api/domains",
    "PUT /api/domains/{id}/nameservers",
    "DELETE /api/domains/{id}/dns/records/{record_id}"
  ]
}

Use case: Automated domain management, CI/CD pipelines, domain provisioning.

ADMIN Scope

Full administrative access (default when not specified):

json
{
  "scope": "ADMIN",
  "allowed_operations": ["*"]
}

Use case: Trusted backend applications with full control.

Managing Multiple API Keys

Key Organization

Use descriptive names and organize by:

  • Environment: dev-local, staging-api, prod-backend
  • Application: domain-checker, dns-sync-tool
  • Purpose: monitoring-readonly, automation-write

Key Rotation

Regularly rotate your API keys for security:

  1. Create new key with same scope
  2. Update applications to use new key
  3. Test thoroughly in staging environment
  4. Deploy to production
  5. Revoke old key after successful deployment

Immediate Revocation

When you revoke an API key, it becomes invalid immediately. Ensure your applications have been updated before revoking the old key.

Usage Monitoring

Monitor your API key usage in the dashboard:

  • Request Volume: Calls per hour/day/month
  • Error Rates: Failed requests and causes
  • Endpoints Used: Most frequently accessed endpoints
  • IP Addresses: Source IPs using the key

Best Practices for API Key Management

Security

  • Never commit keys to version control
  • Use environment variables for key storage
  • Rotate keys regularly (every 90 days recommended)
  • Use least privilege - choose the minimum scope needed
  • Monitor for unusual activity

Environment Variables

Store keys securely using environment variables:

.env file

bash
ZEROLINK_API_KEY=zlk_live_abc123xyz789.your_secret_here

JavaScript

javascript
const apiKey = process.env.ZEROLINK_API_KEY;
if (!apiKey) {
  throw new Error('ZEROLINK_API_KEY environment variable is required');
}

Python

python
import os

api_key = os.getenv('ZEROLINK_API_KEY')
if not api_key:
    raise ValueError('ZEROLINK_API_KEY environment variable is required')

Development vs Production

Use separate keys for different environments:

EnvironmentKey NameScopeUsage
Developmentdev-localREADLocal testing
Stagingstaging-testWRITEPre-production
Productionprod-mainWRITELive application
Monitoringprod-readonlyREADDashboards

Access Control

Limit key scopes based on use case:

  • Monitoring tools: READ scope
  • Automation services: WRITE scope
  • Admin operations: ADMIN scope (use sparingly)

Troubleshooting API Key Issues

Invalid API Key Error

json
{
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid"
  }
}

Solutions:

  • Verify the key is copied correctly (no extra spaces)
  • Check the key hasn't been revoked
  • Ensure you're using the full token (including the secret after the dot)

Insufficient Scope

json
{
  "error": {
    "code": "INSUFFICIENT_SCOPE",
    "message": "This action requires WRITE scope"
  }
}

Solutions:

  • Check required scope for the endpoint
  • Create a new key with appropriate scope

Rate Limit Exceeded

json
{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests"
  }
}

Solutions:

  • Implement request throttling
  • Use exponential backoff
  • Contact support for higher limits

API Key Lifecycle

1. Creation

  • Generate key with appropriate scope
  • Document the key's purpose and usage
  • Store the full token securely (shown only once!)

2. Active Use

  • Monitor usage and performance
  • Watch for error rates and issues
  • Keep scope appropriate to needs

3. Rotation

  • Create replacement key
  • Update all applications
  • Test thoroughly before revoking old key

4. Revocation

  • Remove from all applications first
  • Revoke in 0.link dashboard
  • Document the change

Emergency Procedures

Compromised API Key

If you suspect your API key has been compromised:

  1. Immediately revoke the compromised key
  2. Generate a new key with fresh credentials
  3. Update all applications with the new key
  4. Review access logs for suspicious activity
  5. Contact support if unauthorized usage detected

Lost API Key

If you've lost access to your API key:

  1. Generate a new key from the dashboard (you cannot recover the old secret)
  2. Update your applications with the new key
  3. Revoke the old key to prevent unauthorized use

Next Steps

Now that you understand API keys:

  1. Make Your First API Call - Test your key
  2. Understand API Access - Learn about access levels
  3. Explore Authentication - Deep dive into security
  4. Domains API - Start managing domains

Getting Help

Need help with API keys?

Copyright © 2025 0.link