API Reference
Secure links with powerful analytics
Core API Endpoints
Access the full Linkify infrastructure through our RESTful API. All requests require a valid Bearer token in the `Authorization` header and must be sent over TLS 1.3.
POST /v1/links
Create a new shortened URL with custom aliases, expiration dates, and UTM tracking.
Parameters: destination_url (string, required), alias (string, optional), expires_at (ISO 8601, optional), tags (array, optional)
Responses: 201 Created, 400 Bad Request, 401 Unauthorized, 409 Conflict
GET /v1/links/{id}/stats
Retrieve comprehensive click analytics, geographic distribution, and device breakdowns.
Parameters: start_date (ISO 8601), end_date (ISO 8601), granularity (hourly|daily|monthly)
Responses: 200 OK, 403 Forbidden, 404 Not Found
DELETE /v1/links/{id}
Permanently remove a shortened link and purge associated click logs from active edge caches.
Parameters: id (path parameter, required), soft_delete (boolean, default: false)
Responses: 204 No Content, 401 Unauthorized, 404 Not Found
Authentication & Rate Limits
Linkify enforces strict security protocols to protect your referral data and prevent automated abuse.
All API methods require OAuth 2.0 or API key authentication. Standard rate limits are set to 1,200 requests per hour per token. Enterprise plans scale to 10,000 requests per hour with burst allowance. Invalid tokens return a 401 status, while throttled clients receive a 429 status with a `Retry-After` header indicating cooldown duration.
Webhook endpoints support HMAC-SHA256 signature verification. Include the `x-linkify-signature` header in your payload validation logic to ensure request integrity. Failed signature checks are logged and trigger a 401 response without processing the event.
View SDK Documentation Generate API Key