Skip to main content
WebLinq uses API key authentication to secure all requests. Every API call must include a valid API key to identify your account and track usage.
All endpoints require authentication except health checks. This ensures your usage is tracked and your data remains secure.

Get your API key

1

Create your account

Sign up at WebLinq - it’s free to get started.
2

Generate your key

  1. Go to API Keys in your dashboard 2. Click “Create API Key” and give it a descriptive name 3. Copy your API key immediately
    API keys are only shown once. Store them securely in environment variables.
3

Test your key

Verify your API key works:
curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://api.weblinq.dev/v1/user/me"

Authentication methods

Bearer token

Include your API key in the Authorization header: 
curl -X POST "https://api.weblinq.dev/v1/web/markdown" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'
Use Authorization: Bearer when possible - it’s the standard approach and works with most HTTP libraries.

Error responses

{
  "success": false,
  "error": {
    "code": "AUTHENTICATION_REQUIRED",
    "message": "Authentication required",
    "requestId": "req_1234567890abcdef"
  },
  "timestamp": "2024-01-15T10:30:00Z"
}

{
  "success": false,
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Rate limit exceeded",
    "requestId": "req_1234567890abcdef"
  },
  "timestamp": "2024-01-15T10:30:00Z"
}

Rate limits

API keys have different limits based on your plan:
PlanRequests/HourConcurrentFeatures
Free1,0005All endpoints
Pro10,00020Priority support
EnterpriseCustomCustomDedicated support

Rate limit headers

Every response includes rate limit information: 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1705312200

Security best practices

Environment variables

Always store API keys in environment variables:
  • Node.js
  • Python
  • Docker
# .env file
WEBLINQ_API_KEY=your_api_key_here

const apiKey = process.env.WEBLINQ_API_KEY;

Security checklist

  • Create separate keys for development and production
  • Rotate keys every 90 days
  • Use descriptive names to track key usage
  • Delete unused keys immediately
  • Store keys in environment variables or secrets managers - Never commit keys to version control - Don’t embed keys in client-side code - Avoid using keys in URLs or query parameters
  • Monitor API usage in your dashboard
  • Set up alerts for unusual activity
  • Review key usage patterns regularly
  • Track failed authentication attempts
Security reminder: Never share API keys, commit them to Git, or use them in client-side code.

Need help?

Get Support

Email us for technical support

API Reference

Explore all available endpoints
I