API Keys

Every API request must include a valid API key as a Bearer token in the Authorization header.

Using your API key

SDK

import { UpvioApiClient } from '@upvio/sdk-node'

const client = new UpvioApiClient({
  apiKey: process.env.UPVIO_API_KEY,
  businessId: process.env.UPVIO_BUSINESS_ID,
})

cURL

curl https://api.upvio.com/v1/businesses/{businessId}/vitals/links \
  -H "Authorization: Bearer YOUR_API_KEY"

Creating an API key

1. Log in to the Vitals dashboard.

2. Navigate to Settings > Integrations > API Keys.

3. Click New API Key.

4. Enter a description (e.g., “Production server”) and select an expiry.

5. Click Create. Copy the key immediately — it is only displayed once.

Caution

If you lose your API key, you cannot retrieve it. Create a new one and invalidate the old key from the same page.

Invalidating a key

Open the actions menu next to any active key on the API Keys page and select Invalidate. Invalidated keys are immediately rejected by the API.

Finding your credentials

• Business ID — displayed as the Workspace ID on the API Keys page (Settings > Integrations > API Keys). Required in all API URLs.
• Business Alias — found on the General Settings page (Settings > General) under Workspace Alias. Used to construct scan URLs: https://scan.upvio.com/{alias}/links/{slug}.

Store these in environment variables:

UPVIO_API_KEY=your-api-key
UPVIO_BUSINESS_ID=your-business-id
UPVIO_BUSINESS_ALIAS=your-business-alias

Keep your key secret

Never expose your API key in client-side code, public repositories, or browser requests. Make all API calls from your server or serverless functions. Rotate keys regularly and use short expiries for development.