All requests to the Limitly API require authentication using your API key.

Authentication Method

Limitly uses Bearer Token authentication. Include your API key in the Authorization header: 
curl -H "Authorization: Bearer lk_1234567890abcdef1234567890abcdef" \
     https://api.limitly.dev/v1/keys

API Key Format

Limitly API keys follow this format:
  • Prefix: lk_
  • Length: 32 characters
  • Example: lk_1234567890abcdef1234567890abcdef

Getting Your API Key

  1. Log in to your Limitly Dashboard
  2. Navigate to the API Keys section
  3. Create a new API key or copy an existing one
  4. Use this key in your API requests

Example Requests

JavaScript (Fetch)

const response = await fetch('https://api.limitly.dev/v1/keys', {
  headers: {
    'Authorization': 'Bearer lk_1234567890abcdef1234567890abcdef',
    'Content-Type': 'application/json'
  }
});

const data = await response.json();

cURL

curl -X GET \
  -H "Authorization: Bearer lk_1234567890abcdef1234567890abcdef" \
  -H "Content-Type: application/json" \
  https://api.limitly.dev/v1/keys

Error Responses

If authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "error": "Invalid API key",
  "code": "INVALID_API_KEY"
}

Security Best Practices

Environment Variables

Store your API key in environment variables, never in your source code:
# .env
LIMITLY_API_KEY=lk_1234567890abcdef1234567890abcdef

const apiKey = process.env.LIMITLY_API_KEY;
const response = await fetch('https://api.limitly.dev/v1/keys', {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});

Key Rotation

Regularly rotate your API keys for enhanced security. You can regenerate keys from your dashboard without affecting your application.

HTTPS Only

Always use HTTPS when making API requests. Limitly only accepts requests over HTTPS.

Rate Limiting

The Limitly API itself is rate limited. You can make up to 1000 requests per minute per API key. If you exceed this limit, you’ll receive a 429 Too Many Requests response: 
{
  "error": "Rate limit exceeded",
  "code": "RATE_LIMIT_EXCEEDED"
}

Next Steps