
Obtaining Your API Key

Your API key is generated from the Codelloy Dashboard. Follow these steps to create, label, and securely store your key.


Prerequisites


Step-by-Step Guide

Step 1 — Navigate to the API Key page

From the dashboard sidebar, locate the General section and click API Key (key icon).

Dashboard sidebar with the API Key entry highlighted under the General section

Step 2 — Click Generate Key

On the API Key page:

  • The left panel shows the current key’s label (if a key already exists) and a Generate Key button.
  • The right panel shows usage instructions.

Click Generate Key.

API Key page showing the current label and the Generate Key button on the left panel, with usage instructions on the right

The confirmation dialog includes an optional Label input. Labels appear in audit logs to identify which key created or modified each short URL — for example, api-key:Production Integration versus api-key:CI Pipeline. If you skip the label, the backend uses <your-org-name> API key as the default.

Validation rules:

  • 3–100 characters.
  • Allowed: letters, numbers, spaces, and the punctuation . , _ - ( ).

Examples that work: Production Integration, Beat81 staging, Marketing automation (Mailchimp).

Why labels matter: every short URL created via the API stores createdBy = api-key:<label> instead of an email. Without a label, every row reads api-key:<orgName> API key — fine for one integrator, painful when you have several.

Generate confirm dialog with the Label input filled in and the 3-100 characters helper text below

Step 3 — Confirm key generation

Click Generate in the dialog.

⚠️ Regeneration is destructive. The previous key (if any) stops working immediately. Replace the key in every integration before generating a new one. Plan rotations for a low-traffic window.

Step 4 — Copy & store your API key

After generation, the new key appears in a read-only text field labelled Generated key (visible once).

  1. Click the copy button (clipboard icon) next to the key.
  2. The button briefly changes to a checkmark with Copied to confirm.
  3. Store the key securely — in a password manager or environment variable.

🔒 The key is visible only until you refresh or leave the page. There is no way to retrieve it again — only regenerate.

API Key page after generation showing the read-only key textbox and Copy button

Step 5 — Edit the label later (non-destructive)

To rename a key without regenerating it, click the pencil icon next to the current label, edit it, and click Save. The hashed key value is preserved, so every existing integration keeps working. The same validation rules apply.


Audit attribution

Every short URL written via the External API stores createdBy = api-key:<your label> (and updatedBy on the next edit). The Codelloy dashboard renders these with a key icon and the label text — distinct from human-created links, which show an email and a person icon. See Field Reference → Short URL Object and the createdVia / lastModifiedVia columns, which carry the structured origin (EXTERNAL / INTERNAL) alongside the human-readable principal.


API Key Best Practices

  1. Use descriptive labels — your future self thanks you when auditing.
  2. Store the key securely — treat it like a password; never commit it to source control.
  3. One key per integration is the simplest model. Regenerating only rotates a single key — if multiple integrations share one, rotation impacts them all.
  4. Include the key in every request using the X-API-KEY header.
  5. If you suspect a leak, regenerate immediately. The old key is invalidated the instant the new one is created. There is no overlap window — schedule rotations during low-traffic periods.
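
Practices 2 and 4 combined, as an added example that is not Codelloy's own code: the key is read from the environment at call time, sent in the X-API-KEY header, and redacted before anything is logged. The environment variable name CODELLOY_API_KEY, the base URL and the /placeholder path are assumptions made for this example.

```python
import os
import urllib.request

# Assumptions for this example (not from the Codelloy docs): the environment
# variable name, the base URL and the request path are placeholders.
ENV_VAR = "CODELLOY_API_KEY"
BASE_URL = "https://api.example.invalid"


class MissingApiKey(RuntimeError):
    """Raised instead of sending an unauthenticated request."""


def load_api_key(env=os.environ) -> str:
    # Read at call time, never hard-coded: after a regeneration only the
    # environment (or the secret store feeding it) changes, not the code.
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise MissingApiKey(f"{ENV_VAR} is not set")
    return key


def redact(key: str) -> str:
    # Log-safe form: keep the last 4 characters only when the key is long
    # enough that they reveal little.
    return "****" + key[-4:] if len(key) > 8 else "****"


def build_request(path: str, env=os.environ) -> urllib.request.Request:
    # Every request carries the key in the X-API-KEY header.
    req = urllib.request.Request(BASE_URL + path, method="GET")
    req.add_header("X-API-KEY", load_api_key(env))
    return req


def describe(req: urllib.request.Request) -> str:
    # Summary for logs; header names are matched case-insensitively because
    # urllib normalises their capitalisation.
    shown = {k: redact(v) if k.lower() == "x-api-key" else v
             for k, v in req.header_items()}
    return f"{req.get_method()} {req.full_url} {shown}"


if __name__ == "__main__":
    demo_env = {ENV_VAR: "constructed-sample-key-0000"}  # constructed value
    print(describe(build_request("/placeholder", demo_env)))
```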

Next steps

  • Mobile Apps — register your iOS and Android apps if you plan to use deep links. The per-platform mobileAppId is required on every deepLinks[] entry.
  • Quick Start — make your first API call.
  • API Errors — handle authentication failures (SML003) and the rest of the catalogue.