API keys authenticate requests to the LinkStacked REST API. You can generate multiple keys, each with a descriptive label, so you know which key is used for which app.
Generating an API key
- 1Go to Settings → Security → API keys.
- 2Click "Generate new key".
- 3Enter a label for the key (e.g. "Zapier", "My custom dashboard", "Production app").
- 4Click "Generate".
- 5Copy the key immediately — it is only shown once.
Copy your API key when it's shown. After you close the dialog, the full key cannot be retrieved. If you lose it, generate a new one and revoke the old one.
Using your API key
Include your key as a Bearer token in the Authorization header of every API request: Authorization: Bearer ls_live_YOUR_KEY_HERE.
Rotating a key
If you suspect a key has been compromised, revoke it immediately and generate a new one. Update all apps using the old key. Revocation takes effect immediately — all requests using the old key receive a 401 error.
Best practices
- Never commit API keys to public code repositories (GitHub, GitLab).
- Store keys in environment variables or a secrets manager, not in source code.
- Create separate keys for separate apps — never share keys between unrelated projects.
Was this article helpful?