API Keys
API keys are the primary method of authentication for the Status Check API. This guide covers everything you need to know about creating, managing, and using API keys securely.
Overview
API keys allow you to:
- Authenticate requests to the Status Check API
- Control access to your account and credits
- Track usage per application or environment
- Revoke access when needed
API Key Format
All Status Check API keys follow this format:
sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- Prefix:
sk_(Status Key) - Length: 43 characters total
- Character set: Alphanumeric (a-z, A-Z, 0-9)
Creating API Keys
Via Dashboard
- Log in to app.status-check.io
- Navigate to Profile → API Keys tab
- Click "Create New API Key"
- Enter a descriptive name for your key
- Click "Create"
- Copy your API key immediately - it will only be shown once
API keys are only displayed once during creation. If you lose your key, you'll need to create a new one.
Naming Conventions
Use descriptive names to identify where each key is used:
Production Server- Main production environmentStaging- Testing environmentDevelopment- Local developmentMobile App iOS- iOS applicationMarketing Automation- Zapier/Make integrations
Using API Keys
HTTP Header (Recommended)
Pass your API key in the X-API-Key header:
curl -X POST https://api.status-check.io/v1/check \
-H "X-API-Key: sk_your_api_key" \
-H "Content-Type: application/json" \
-d '{"domain": "example.com"}'
JavaScript Example
const apiKey = process.env.STATUS_CHECK_API_KEY;
const response = await fetch('https://api.status-check.io/v1/check', {
method: 'POST',
headers: {
'X-API-Key': apiKey,
'Content-Type': 'application/json'
},
body: JSON.stringify({
domain: 'example.com'
})
});
const result = await response.json();
console.log(result);
Python Example
import os
import requests
api_key = os.environ.get('STATUS_CHECK_API_KEY')
response = requests.post(
'https://api.status-check.io/v1/check',
headers={
'X-API-Key': api_key,
'Content-Type': 'application/json'
},
json={
'domain': 'example.com'
}
)
result = response.json()
print(result)
PHP Example
<?php
$apiKey = getenv('STATUS_CHECK_API_KEY');
$ch = curl_init('https://api.status-check.io/v1/check');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'X-API-Key: ' . $apiKey,
'Content-Type: application/json'
]);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
'domain' => 'example.com'
]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
$result = json_decode($response, true);
curl_close($ch);
print_r($result);
?>
Managing API Keys
Viewing Your Keys
To see all your API keys:
- Go to Profile → API Keys
- View list of all active keys with:
- Key name
- Created date
- Last used date
- Partial key (last 4 characters)
Revoking Keys
To revoke an API key:
- Go to Profile → API Keys
- Find the key you want to revoke
- Click the "Revoke" button
- Confirm the action
Revoking a key immediately invalidates it. Any applications using that key will stop working.
Rotating Keys
Best practice: Rotate API keys regularly
- Create a new API key
- Update your application with the new key
- Test that everything works
- Revoke the old key
Security Best Practices
1. Never Expose API Keys
DON'T:
- ❌ Commit keys to version control (Git, GitHub, etc.)
- ❌ Share keys in public forums or support tickets
- ❌ Include keys in client-side code (JavaScript, mobile apps)
- ❌ Store keys in plaintext files
- ❌ Send keys via email or messaging apps
DO:
- ✅ Use environment variables
- ✅ Use secret management services (AWS Secrets Manager, HashiCorp Vault)
- ✅ Restrict keys to server-side code only
- ✅ Use
.envfiles (and add to.gitignore)
2. Use Environment Variables
Example .env file:
STATUS_CHECK_API_KEY=sk_your_actual_api_key_here
Add to .gitignore:
.env
.env.local
.env.*.local
Access in your code:
// Node.js
require('dotenv').config();
const apiKey = process.env.STATUS_CHECK_API_KEY;
# Python
import os
from dotenv import load_dotenv
load_dotenv()
api_key = os.getenv('STATUS_CHECK_API_KEY')
3. Separate Keys by Environment
Use different API keys for:
- Production - Live applications
- Staging - Pre-production testing
- Development - Local development
This allows you to:
- Track usage per environment
- Revoke compromised keys without affecting production
- Monitor which environment is generating errors
4. Regular Rotation
Rotate your API keys:
- Quarterly - For production keys
- After employee departure - If someone with access leaves
- After suspected compromise - Immediately if you suspect exposure
5. Monitor Usage
Regularly check your API key usage:
curl -X GET https://api.status-check.io/v1/auth/keys \
-H "Authorization: Bearer your_firebase_token"
Look for:
- Unexpected spikes in usage
- Requests from unknown IPs
- Unusual error rates
Rate Limits
All API keys are subject to rate limits:
- 60 requests per minute
- 1,000 requests per hour
Handling Rate Limits
When you exceed rate limits, you'll receive:
{
"error": "Rate limit exceeded",
"message": "Too many requests. Please try again later.",
"retry_after": 60
}
HTTP Status: 429 Too Many Requests
Best Practices:
- Implement exponential backoff
- Use batch endpoints for bulk operations
- Cache results when possible
- Distribute requests over time
Rate Limit Headers
Each response includes rate limit information:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1646150400
Credit Usage
Each API call consumes credits from your account:
- Domain validation: 0.001 credits
- Email validation: 0.001 credits
- Batch operations: 0.001 credits per item
Checking Credit Balance
curl -X GET https://api.status-check.io/v1/credits \
-H "X-API-Key: sk_your_api_key"
Response:
{
"credits": 5000,
"used_this_month": 2345,
"last_purchase": "2025-03-01T10:00:00Z"
}
Low Credit Alerts
Set up alerts to be notified when credits are running low:
- Go to Profile → Settings
- Enable "Low Credit Alerts"
- Set threshold (e.g., 1000 credits)
- Add notification email
Troubleshooting
Invalid API Key
Error:
{
"error": "Invalid API key",
"message": "The provided API key is invalid or has been revoked."
}
Solutions:
- Verify the key is correct (check for typos)
- Ensure the key hasn't been revoked
- Create a new key if needed
Missing API Key
Error:
{
"error": "Missing authentication",
"message": "No API key provided in request."
}
Solution:
Ensure you're including the X-API-Key header:
-H "X-API-Key: sk_your_api_key"
Insufficient Credits
Error:
{
"error": "Insufficient credits",
"message": "Your account does not have enough credits to complete this request."
}
Solution: Purchase more credits at app.status-check.io/credits
FAQ
Can I use the same API key in multiple applications?
Yes, but it's recommended to create separate keys for:
- Better tracking and monitoring
- Easier rotation and revocation
- Environment isolation
What happens if my API key is compromised?
- Immediately revoke the key in the dashboard
- Check your usage history for unauthorized requests
- Create a new API key
- Review your security practices
Do API keys expire?
No, API keys do not expire automatically. However, you should rotate them regularly as a security best practice.
Can I see my full API key after creation?
No, for security reasons, API keys are only displayed once during creation. If you lose it, create a new one.
How many API keys can I create?
There's no limit on the number of API keys you can create. Create as many as you need for different applications and environments.
Next Steps
- API Reference - Explore all available endpoints
- Authentication - Learn about OAuth and other auth methods
- Rate Limiting - Understand rate limits and best practices
- Batch Processing - Validate leads in bulk
Support
Need help with API keys?
- Email: support@status-check.io
- Dashboard: app.status-check.io
- Documentation: docs.status-check.io