ElixpoURLElixpoURL  Docs

API Keys

API keys authenticate machine-to-machine requests. Human users sign in through Elixpo Accounts SSO — keys are only for code that ElixpoURL on your behalf.

Creating a key

Open Profile → API Keys and click Create key. Name it after the app or environment it's for (e.g. blog-prod, ci-pipeline) so you can rotate it later without guesswork.

Format

Keys are 32-byte secrets, base32-encoded, with the prefix elu_:

elu_a1b2c3d4e5f67890abcdef1234567890

We hash keys on the server (Argon2id) and only the prefix is kept in the clear. We can't recover a lost key — if you lose it, revoke it and mint a new one.

Sending the key

Authorization: Bearer elu_YOUR_API_KEY

Anything else (query strings, cookies, custom headers) is ignored — keys go in Authorization only.

Rotation

  • Rotate keys at least every 90 days, or immediately if you suspect a leak.
  • Create the new key first, deploy it, verify it works, then revoke the old one.
  • Multiple active keys per account are fine — they're cheap to mint and revoke.

Scopes

Scopes ship with the next release. For now every key has full read/write access to your own short links. Don't share keys across users or repositories.

Limits

Your tier's quota applies per account, not per key. See Pricing for current limits.

← Previous
Shortening API
Next →
Click Analytics
Edit this page on GitHub
ElixpoURL: Fast URL Shortener on the Edge