Authentication

LinkFetch uses bearer-token authentication. Every request carries your key in the Authorization header. Keys are scoped to a single workspace; rotate them freely — old keys keep working for a 24-hour grace window.

Where to get a key

Sign in at linkfetch.io/signin → the dashboard shows your default key. Create additional keys for CI, production, and local dev on the keys page.

Send it on every request

curl https://api.linkfetch.io/v1/profiles \
  -H "Authorization: Bearer sk_live_..." \
  --data-urlencode "url=linkedin.com/in/ada-lovelace"

import { LinkFetch } from "@linkfetch/sdk";

const ll = new LinkFetch({
  apiKey: process.env.LINKFETCH_KEY!,
});

from linkfetch import LinkFetch
ll = LinkFetch(api_key=os.environ["LINKFETCH_KEY"])

Key shape

Keys are prefixed sk_live_ for production and sk_test_ for sandbox. The prefix is returned in the X-Api-Key-Prefix header on every response so you can double-check routing in logs.

• sk_live_… — 24-hour grace on rotation
• sk_test_… — hits a sandboxed router; no credits charged, fixture data

Rotating keys

1. Create a new key in the dashboard.
2. Deploy it to your service.
3. Revoke the old key. For 24 hours, both keys work.
4. After 24 hours, the revoked key returns 401 invalid_key.

Secret handling

• Never commit a key. LinkFetch hashes keys on ingest and we can't recover the plaintext if you lose it — only the prefix is shown after creation.
• Store keys in a secrets manager (Doppler, AWS Secrets Manager, Vercel env vars, GitHub Actions secrets).
• Rotate on any compromise. The dashboard has a one-click revoke.
• For CI and server-to-server, use a dedicated key labelled ci or server so you can revoke without disrupting dev.

Scopes (coming soon)

Enterprise customers can scope keys to specific endpoints (read-only, no outreach queue, etc.). Ask your account owner or email info@linkfetch.io.

Common errors

See Errors for the full envelope.