Authentication
All API requests require authentication using your workspace keys.
Key Types
DEPL uses two types of keys for different operations:
API Key (api_key)
- Purpose: Create deep links (write operations)
- Usage: Server-side only
- Security: Keep this secret, never expose in client code
Client Key (client_key)
- Purpose: Retrieve deep link data (read operations)
- Usage: Can be used in mobile apps
- Security: Safe to embed in mobile applications
Finding Your Keys
You can find both keys in your workspace settings:
- Go to Dashboard → Your Workspace → Settings
- Copy your API Key for creating deep links
- Copy your Client Key for retrieving deep link data
Using Your Keys
Include the appropriate key in the Authorization header:
Creating Deep Links (API Key)
curl https://depl.link/api/deeplink \
-X POST \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"slug": "summer-sale",
"app_params": {
"screen": "promo",
"promo_id": "summer"
}
}'
Retrieving Deep Links (Client Key)
curl "https://depl.link/api/deeplink?slug=abc123" \
-H "Authorization: Bearer YOUR_CLIENT_KEY"
Security Best Practices
- Never expose your API key in client-side code
- Use API Key only on your backend servers
- Client Key can be safely used in mobile apps
- Store keys in environment variables
- Rotate your keys regularly if compromised
- Use different workspaces for development and production
Rate Limits
| Plan | Rate Limit |
|---|---|
| Free | 100 requests/minute |
| Pro | 1000 requests/minute |
| Enterprise | Custom |