Create short links, track clicks, and automate your workflow with the s.id developer platform. Simple API key auth, real-time webhooks, and OAuth 2.0 for third-party apps.
Manage links, QR codes, and user data with a clean JSON API. Bearer token auth, 38 req/min.
Learn MoreSubscribe to link.created, link.clicked, qr.scanned, and more. HMAC-signed payloads.
Learn MoreAuthorization-code flow with PKCE and refresh token rotation lets your app act on behalf of s.id users.
Learn MoreCreate a short link in one API call.
Base URL: https://api.s.id/v2
curl -X POST https://api.s.id/v2/links \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{"long_url": "https://example.com/long-url", "custom_slug": "mylink"}'All endpoints require an API key with the appropriate scope.
| Method | Path | Description | Scope |
|---|---|---|---|
| GET | /links | List links | links:read |
| POST | /links | Create a link | links:write |
| POST | /links/available | Check slug availability | links:read |
| GET | /links/{short} | Get a link | links:read |
| PUT | /links/{short} | Update a link | links:write |
| DELETE | /links/{short} | Archive a link | links:archive |
| POST | /links/{short}/unarchive | Restore an archived link | links:write |
| GET | /links/{short}/stats | Link click timeline | links:analytics |
| GET | /links/{short}/stats/lifetime | Lifetime click count | links:analytics |
| GET | /user | Get authenticated user | user:read |
| GET | /quota | Get account quota | user:read |
| GET | /microsites | List microsites | microsites:read |
| POST | /microsites | Create a microsite | microsites:write |
| GET | /microsites/{slug} | Get a microsite | microsites:read |
| PUT | /microsites/{slug} | Update a microsite | microsites:write |
| DELETE | /microsites/{slug} | Delete a microsite | microsites:write |
| POST | /links/bulk | Bulk create links | links:write |
| GET | /stats | Account-level click analytics | links:analytics |
| GET | /qr | Get global QR settings | qr:read |
| PUT | /qr | Customize global QR settings | qr:write |
| GET | /links/{short}/qr | Get a link's QR settings | qr:read |
| PUT | /links/{short}/qr | Customize a link's QR settings | qr:write |
| POST | /microsites/available | Check microsite slug availability | microsites:read |
| GET | /microsites/{slug}/components | List microsite components | microsites:read |
| POST | /microsites/{slug}/components | Add a microsite component | microsites:write |
| PUT | /microsites/{slug}/components/{componentId} | Update a microsite component | microsites:write |
| DELETE | /microsites/{slug}/components/{componentId} | Delete a microsite component | microsites:write |
| POST | /microsites/{slug}/components/order | Reorder microsite components | microsites:write |
| GET | /oauth/authorize | Get consent screen data | |
| POST | /oauth/token | Exchange code or refresh token | |
| POST | /oauth/revoke | Revoke a token | |
| GET | /oauth/userinfo | Get authorized user profile | |
| GET | /api/user/oauth/apps | List apps authorized by the current user | |
| DELETE | /api/user/oauth/apps/{clientId} | Revoke all tokens for an app | |
Each API key is scoped — request only the permissions your integration needs.
links:readList and read linkslinks:writeCreate and update links (create, edit, restore)links:archiveArchive linkslinks:analyticsRead per-link click statistics and lifetime countsqr:readRead QR code settings (global and per-link)qr:writeCustomize QR code settings (global and per-link)user:readRead the authenticated user profile and account quotamicrosites:readRead micrositesmicrosites:writeCreate, update, delete and manage components of micrositesRegister an HTTPS endpoint to receive real-time events. Each delivery is POST-signed with HMAC-SHA256.
Available events
link.createdFired when a new link is createdlink.updatedFired when a link's URL or title is changedlink.archivedFired when a link is archivedlink.clickedFired on each redirect (per-click event)microsite.publishedFired when a microsite is publishedqr.scannedFired when a QR code is scannedExample payload
{
"event": "link.created",
"link": {
"id": 123,
"short": "mylink",
"short_url": "https://s.id/mylink",
"long_url": "https://example.com/long-url",
"title": "My Link",
"created": "2026-06-22T10:00:00Z"
},
"timestamp": "2026-06-22T10:00:00Z"
}Verify the signature (Node.js)
const crypto = require('crypto');
function verifySignature(secret, rawBody, sigHeader) {
const expected = 'sha256=' +
crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
return crypto.timingSafeEqual(
Buffer.from(sigHeader),
Buffer.from(expected),
);
}The secret is shown once when you create the webhook. Verify before processing the event.
Create a key in Dashboard → Developer → API Keys. Pass it as a Bearer token. Keys are scoped and can be revoked at any time.
Authorization: Bearer sk_live_...Use the authorization-code flow to act on behalf of s.id users. Redirect to /oauth/authorize, exchange the code at /oauth/token.
OAuth 2.0 guideCreate an API key in minutes. Free tier included — no credit card required.