s.id Logo
Developer Platform

Build on s.id — REST API, Webhooks & OAuth

Create short links, track clicks, and automate your workflow with the s.id developer platform. Simple API key auth, real-time webhooks, and OAuth 2.0 for third-party apps.

REST API

Manage links, QR codes, and user data with a clean JSON API. Bearer token auth, 38 req/min.

Learn More

Webhooks

Subscribe to link.created, link.clicked, qr.scanned, and more. HMAC-signed payloads.

Learn More

OAuth 2.0

Authorization-code flow with PKCE and refresh token rotation lets your app act on behalf of s.id users.

Learn More

Quickstart

Create a short link in one API call.

1Open Dashboard → Developer → API Keys
2Create a key with the scopes you need
3Call the API with Bearer sk_live_...

Base URL: https://api.s.id/v2

curl -X POST https://api.s.id/v2/links \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"long_url": "https://example.com/long-url", "custom_slug": "mylink"}'

Endpoints

All endpoints require an API key with the appropriate scope.

Full API Reference ↗
MethodPathDescriptionScope
GET/linksList linkslinks:read
POST/linksCreate a linklinks:write
POST/links/availableCheck slug availabilitylinks:read
GET/links/{short}Get a linklinks:read
PUT/links/{short}Update a linklinks:write
DELETE/links/{short}Archive a linklinks:archive
POST/links/{short}/unarchiveRestore an archived linklinks:write
GET/links/{short}/statsLink click timelinelinks:analytics
GET/links/{short}/stats/lifetimeLifetime click countlinks:analytics
GET/userGet authenticated useruser:read
GET/quotaGet account quotauser:read
GET/micrositesList micrositesmicrosites:read
POST/micrositesCreate a micrositemicrosites:write
GET/microsites/{slug}Get a micrositemicrosites:read
PUT/microsites/{slug}Update a micrositemicrosites:write
DELETE/microsites/{slug}Delete a micrositemicrosites:write
POST/links/bulkBulk create linkslinks:write
GET/statsAccount-level click analyticslinks:analytics
GET/qrGet global QR settingsqr:read
PUT/qrCustomize global QR settingsqr:write
GET/links/{short}/qrGet a link's QR settingsqr:read
PUT/links/{short}/qrCustomize a link's QR settingsqr:write
POST/microsites/availableCheck microsite slug availabilitymicrosites:read
GET/microsites/{slug}/componentsList microsite componentsmicrosites:read
POST/microsites/{slug}/componentsAdd a microsite componentmicrosites:write
PUT/microsites/{slug}/components/{componentId}Update a microsite componentmicrosites:write
DELETE/microsites/{slug}/components/{componentId}Delete a microsite componentmicrosites:write
POST/microsites/{slug}/components/orderReorder microsite componentsmicrosites:write
GET/oauth/authorizeGet consent screen data
POST/oauth/tokenExchange code or refresh token
POST/oauth/revokeRevoke a token
GET/oauth/userinfoGet authorized user profile
GET/api/user/oauth/appsList apps authorized by the current user
DELETE/api/user/oauth/apps/{clientId}Revoke all tokens for an app

API Scopes

Each API key is scoped — request only the permissions your integration needs.

links:readList and read links
links:writeCreate and update links (create, edit, restore)
links:archiveArchive links
links:analyticsRead per-link click statistics and lifetime counts
qr:readRead QR code settings (global and per-link)
qr:writeCustomize QR code settings (global and per-link)
user:readRead the authenticated user profile and account quota
microsites:readRead microsites
microsites:writeCreate, update, delete and manage components of microsites

Webhooks

Register an HTTPS endpoint to receive real-time events. Each delivery is POST-signed with HMAC-SHA256.

Available events

link.createdFired when a new link is created
link.updatedFired when a link's URL or title is changed
link.archivedFired when a link is archived
link.clickedFired on each redirect (per-click event)
microsite.publishedFired when a microsite is published
qr.scannedFired when a QR code is scanned

Example payload

{
  "event": "link.created",
  "link": {
    "id": 123,
    "short": "mylink",
    "short_url": "https://s.id/mylink",
    "long_url": "https://example.com/long-url",
    "title": "My Link",
    "created": "2026-06-22T10:00:00Z"
  },
  "timestamp": "2026-06-22T10:00:00Z"
}

Verify the signature (Node.js)

const crypto = require('crypto');

function verifySignature(secret, rawBody, sigHeader) {
  const expected = 'sha256=' +
    crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(sigHeader),
    Buffer.from(expected),
  );
}

The secret is shown once when you create the webhook. Verify before processing the event.

Full webhooks guide

API Keys

Create a key in Dashboard → Developer → API Keys. Pass it as a Bearer token. Keys are scoped and can be revoked at any time.

Authorization: Bearer sk_live_...

OAuth 2.0

Use the authorization-code flow to act on behalf of s.id users. Redirect to /oauth/authorize, exchange the code at /oauth/token.

OAuth 2.0 guide

Ready to start building?

Create an API key in minutes. Free tier included — no credit card required.