s.id Logo
s.id
Developer Platform

Build on s.id — REST API, Webhooks & OAuth

Create short links, track clicks, and automate your workflow with the s.id developer platform. Simple API key auth, real-time webhooks, and OAuth 2.0 for third-party apps.

REST API

Manage links, QR codes, and user data with a clean JSON API. Bearer token auth, 38 req/min.

Learn More

Webhooks

Subscribe to link.created, link.clicked, qr.scanned, and more. HMAC-signed payloads.

Learn More

OAuth 2.0

Authorization-code flow with PKCE and refresh token rotation lets your app act on behalf of s.id users.

Learn More

Quickstart

Create a short link in one API call.

1

Open Dashboard → Developer → API Keys

2

Create a key with the scopes you need

3

Call the API with Bearer sk_live_...

Base URL: https://api.s.id/v2

curl -X POST https://api.s.id/v2/links \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"long_url": "https://example.com/long-url", "custom_slug": "mylink"}'

Endpoints

All endpoints require an API key with the appropriate scope.

MethodPath
GET/links
POST/links
POST/links/available
GET/links/{short}
PUT/links/{short}
DELETE/links/{short}
POST/links/{short}/unarchive
GET/links/{short}/stats
GET/links/{short}/stats/lifetime
GET/user
GET/quota
GET/microsites
POST/microsites
GET/microsites/{slug}
PUT/microsites/{slug}
DELETE/microsites/{slug}
POST/links/bulk
GET/stats
GET/qr
PUT/qr
GET/links/{short}/qr
PUT/links/{short}/qr
POST/microsites/available
GET/microsites/{slug}/components
POST/microsites/{slug}/components
PUT/microsites/{slug}/components/{componentId}
DELETE/microsites/{slug}/components/{componentId}
POST/microsites/{slug}/components/order
GET/oauth/authorize
POST/oauth/token
POST/oauth/revoke
GET/oauth/userinfo
GET/api/user/oauth/apps
DELETE/api/user/oauth/apps/{clientId}
Full API Reference ↗

API Scopes

Each API key is scoped — request only the permissions your integration needs.

links:readList and read links
links:writeCreate and update links (create, edit, restore)
links:archiveArchive links
links:analyticsRead per-link click statistics and lifetime counts
qr:readRead QR code settings (global and per-link)
qr:writeCustomize QR code settings (global and per-link)
user:readRead the authenticated user profile and account quota
microsites:readRead microsites
microsites:writeCreate, update, delete and manage components of microsites

Webhooks

Register an HTTPS endpoint to receive real-time events. Each delivery is POST-signed with HMAC-SHA256.

Available events

link.createdFired when a new link is created
link.updatedFired when a link's URL or title is changed
link.archivedFired when a link is archived
link.clickedFired on each redirect (per-click event)
microsite.publishedFired when a microsite is published
qr.scannedFired when a QR code is scanned

Example payload

{
  "event": "link.created",
  "link": {
    "id": 123,
    "short": "mylink",
    "short_url": "https://s.id/mylink",
    "long_url": "https://example.com/long-url",
    "title": "My Link",
    "created": "2026-06-22T10:00:00Z"
  },
  "timestamp": "2026-06-22T10:00:00Z"
}

Verify the signature (Node.js)

const crypto = require('crypto');

function verifySignature(secret, rawBody, sigHeader) {
  const expected = 'sha256=' +
    crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(sigHeader),
    Buffer.from(expected),
  );
}

The secret is shown once when you create the webhook. Verify before processing the event.

Full webhooks guide

Authentication

Two ways to authenticate: API keys for server-to-server, OAuth 2.0 for on-behalf-of-user flows.

API Keys

Create a key in Dashboard → Developer → API Keys. Pass it as a Bearer token. Keys are scoped and can be revoked at any time.

Authorization: Bearer sk_live_...

OAuth 2.0

Use the authorization-code flow to act on behalf of s.id users. Redirect to /oauth/authorize, exchange the code at /oauth/token.

OAuth 2.0 guide

Ready to start building?

Create an API key in minutes. Free tier included — no credit card required.