Protect your API access token like it's a password. If it's exposed to anyone outside of your organization, follow these steps to revoke your current token and replace it with a new one.
If the user with the compromised token is unavailable (for example, because they're on vacation or are no longer with your company), migrate your integration to a new person. This new user can generate a new token, which you can use to replace the compromised one in your code or settings.
To revoke a Bitly API access token:
- Log in to your Bitly account.
- Click Settings in the left sidebar.
- Under Your Settings, click Integrations.
- Find Bitly API in the list of app connections and click Revoke Access. There may be more than one Bitly API app connection — revoke them all, if so.
Note: Revoking a token breaks any connection that uses it.
Now you can replace the OAuth token with a new one.
To replace your Bitly API access token:
- If you've navigated away from your settings, click Settings in the left sidebar.
- Under Developer Settings, click API.
- Enter your Bitly account password.
- Click Generate token.
- Copy the token. If you leave this page and then return, you'll be prompted to enter your password again to view the token.
You can now paste the new token into your code or integration settings to connect via the API.
Protect your token. If it gets exposed to anyone outside your organization, follow these steps again to revoke the token and generate a new one.