Build on s.id — REST API, Webhooks & OAuth
Create short links, track clicks, and automate your workflow with the s.id developer platform. Simple API key auth, real-time webhooks, and OAuth 2.0 for third-party apps.
REST API
Manage links, QR codes, and user data with a clean JSON API. Bearer token auth, 38 req/min.
Learn MoreWebhooks
Subscribe to link.created, link.clicked, qr.scanned, and more. HMAC-signed payloads.
Learn MoreOAuth 2.0
Authorization-code flow with PKCE and refresh token rotation lets your app act on behalf of s.id users.
Learn MoreQuickstart
Create a short link in one API call.
Open Dashboard → Developer → API Keys
Create a key with the scopes you need
Call the API with Bearer sk_live_...
Base URL: https://api.s.id/v2
curl -X POST https://api.s.id/v2/links \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{"long_url": "https://example.com/long-url", "custom_slug": "mylink"}'Endpoints
All endpoints require an API key with the appropriate scope.
| Method | Path |
|---|---|
| GET | /links |
| POST | /links |
| POST | /links/available |
| GET | /links/{short} |
| PUT | /links/{short} |
| DELETE | /links/{short} |
| POST | /links/{short}/unarchive |
| GET | /links/{short}/stats |
| GET | /links/{short}/stats/lifetime |
| GET | /user |
| GET | /quota |
| GET | /microsites |
| POST | /microsites |
| GET | /microsites/{slug} |
| PUT | /microsites/{slug} |
| DELETE | /microsites/{slug} |
| POST | /links/bulk |
| GET | /stats |
| GET | /qr |
| PUT | /qr |
| GET | /links/{short}/qr |
| PUT | /links/{short}/qr |
| POST | /microsites/available |
| GET | /microsites/{slug}/components |
| POST | /microsites/{slug}/components |
| PUT | /microsites/{slug}/components/{componentId} |
| DELETE | /microsites/{slug}/components/{componentId} |
| POST | /microsites/{slug}/components/order |
| GET | /oauth/authorize |
| POST | /oauth/token |
| POST | /oauth/revoke |
| GET | /oauth/userinfo |
| GET | /api/user/oauth/apps |
| DELETE | /api/user/oauth/apps/{clientId} |
API Scopes
Each API key is scoped — request only the permissions your integration needs.
links:readList and read linkslinks:writeCreate and update links (create, edit, restore)links:archiveArchive linkslinks:analyticsRead per-link click statistics and lifetime countsqr:readRead QR code settings (global and per-link)qr:writeCustomize QR code settings (global and per-link)user:readRead the authenticated user profile and account quotamicrosites:readRead micrositesmicrosites:writeCreate, update, delete and manage components of micrositesWebhooks
Register an HTTPS endpoint to receive real-time events. Each delivery is POST-signed with HMAC-SHA256.
Available events
link.createdFired when a new link is createdlink.updatedFired when a link's URL or title is changedlink.archivedFired when a link is archivedlink.clickedFired on each redirect (per-click event)microsite.publishedFired when a microsite is publishedqr.scannedFired when a QR code is scannedExample payload
{
"event": "link.created",
"link": {
"id": 123,
"short": "mylink",
"short_url": "https://s.id/mylink",
"long_url": "https://example.com/long-url",
"title": "My Link",
"created": "2026-06-22T10:00:00Z"
},
"timestamp": "2026-06-22T10:00:00Z"
}Verify the signature (Node.js)
const crypto = require('crypto');
function verifySignature(secret, rawBody, sigHeader) {
const expected = 'sha256=' +
crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
return crypto.timingSafeEqual(
Buffer.from(sigHeader),
Buffer.from(expected),
);
}The secret is shown once when you create the webhook. Verify before processing the event.
Authentication
Two ways to authenticate: API keys for server-to-server, OAuth 2.0 for on-behalf-of-user flows.
API Keys
Create a key in Dashboard → Developer → API Keys. Pass it as a Bearer token. Keys are scoped and can be revoked at any time.
Authorization: Bearer sk_live_...OAuth 2.0
Use the authorization-code flow to act on behalf of s.id users. Redirect to /oauth/authorize, exchange the code at /oauth/token.
OAuth 2.0 guideReady to start building?
Create an API key in minutes. Free tier included — no credit card required.