API Keys
In order to authenticate your access to the API you need two things:
- username - determines owner of the URLs that you shorten (this is user name you entered during account creation).
- api-key - determines methods that you allowed to call on different API resources (manage your API keys).
These values have to be sent with each HTTP-request to the API in form of custom HTTP-headers:
X-Tinycc-User: [username] X-Tinycc-Key: [api-key]
Example:
X-Tinycc-User: john_s X-Tinycc-Key: 2cd573c2-33a5-41cc-94ce-6030e8a026b1
HTTP Basic Authentication
Alternatively, you can use your user name and API key for HTTP Basic Authentication.
Use your base64-encoded username:api-key in place of user:password header value.
Example:
johndoe:c2es9d56-045d-4d87-b3f2-419274f4e001
Full Authorization header will look like this:
Authorization: Basic am9obl9zOjJjZDU3M2MyLTMzYTUtNDFjYy05NGNlLTYwMzBlOGEwMjZiMQ==
API key restrictions
For security it is important to grant your API keys only minimum necessary amount of privileges.
For example you can create read-only API-key by allowing use of only GET method. Or you can restrict API key access to certain domains in your account. Or you can restrict IP-addresses allowed to use that API key.
Please login to your account to manage your API keys and their permissions.
There is no limit on the number of API keys that may be created. Use this to your advantage and treat API-keys as disposable information. In case of suspicion of your API-key being disclosed better remove old key and create a new one.