Protect your API access token like it's a password. If it's exposed to anyone outside of your organization, follow these steps to revoke your current token and replace it with a new one.
If the user with the compromised token is unavailable (for example, because they're on vacation or are no longer with your company), migrate your integration to someone else. To do so:
- Have another user in your account generate a new access token.
- Replace the compromised token in your code or settings with this new token.
In all other scenarios, follow these steps to revoke and replace the OAuth token in your app or integration.
To revoke a Bitly API access token:
- Log in to your Bitly account.
- Click Settings in the left sidebar.
- Under Your Settings, click Integrations.
- Find "Bitly API" in the list of app connections and click Revoke Access. There may be more than one app connection for the Bitly API — revoke them all, if so.
Note: Revoking a token breaks any connection that uses it.
Now you can replace the OAuth token with a new one.
To replace your Bitly API access token:
- If you've navigated away from your settings, click Settings in the left sidebar.
- Under Developer Settings, click API.
- Enter your Bitly account password.
- Click Generate token.
- Copy the token. If you leave this page and then return, you'll be prompted to enter your password again to view the token.
You can now paste the new token into your code or integration settings to connect via the API.
Protect your token. If it gets exposed to anyone outside your organization, follow these steps again to revoke the token and generate a new one.