How to authenticate with the to.it.com API using Bearer API keys.
to.it.com uses Bearer token authentication with workspace-scoped API keys.
Create an API key
- Sign in to your dashboard
- Go to Settings → API Keys
- Click Create key, give it a name, and optionally set an expiration date
- Copy the key immediately — it is shown only once
API keys are available on Personal, Pro, and Business plans.
Using your key
Include the key in the Authorization header:
curl https://api.to.it.com/v1/short-links \
-H "Authorization: Bearer toit_YOUR_KEY_HERE"
Keys are prefixed with toit_ for easy identification.
Security best practices
- Never expose keys in client-side code — proxy requests through your backend
- Use separate keys per environment (development, staging, production)
- Revoke compromised keys immediately from the dashboard
- Rotate keys by revoking the old key and creating a new one
Scopes
Each key is created with read/write access to short links and analytics. Per-key scope selection will be available in a future update.