Authentication
The U2L API uses API keys to authenticate requests. API access requires a Pro plan or above.
API Key Format
API keys use the format u2l_live_ followed by 32 random hexadecimal characters. The u2l_live_ prefix makes keys easy to identify and scan for accidental leaks.
u2l_live_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6
Getting Your API Key
- Log in to your U2L Dashboard
- Navigate to Settings → API
- Click Create API Key and optionally add a label (e.g., "Production", "CI/CD")
- Copy the key immediately — it will only be shown once
Making Authenticated Requests
Include your API key in the Authorization header of every request using the Bearer scheme:
curl https://u2l.ai/api/v1/links \
-H "Authorization: Bearer u2l_live_your_api_key"Error Responses
If authentication fails, the API returns a 401 or 403 status code:
Missing or invalid key
401 Unauthorized
{
"error": {
"code": "unauthorized",
"message": "Missing API key. Include it as: Authorization: Bearer u2l_live_..."
}
}Invalid format
401 Unauthorized
{
"error": {
"code": "unauthorized",
"message": "Invalid API key format. Keys start with u2l_live_ followed by 32 characters."
}
}Free plan user
403 Forbidden
{
"error": {
"code": "forbidden",
"message": "API access requires Pro plan or above."
}
}API Key Limits by Plan
| Plan | API Access | Max Keys |
|---|---|---|
| Free | No | 0 |
| Pro | Yes | 1 |
| Advanced | Yes | 1 |
| Team | Yes | 3 |
| Enterprise | Yes | 3 |
Security Best Practices
- •Never commit API keys to source control. Use environment variables instead.
- •Rotate keys regularly by revoking old keys and creating new ones from your dashboard.
- •Use labels to identify where each key is used (e.g., "Production", "Staging").
- •Revoke compromised keys immediately from Settings → API in your dashboard.