logo LinkShift.app
Sign inStart now
logo LinkShift.app
Go to App
LinkShift docs
OpenAPI-driven API documentation
Start
Overview
API reference
Guides
LinkShift Public API Guide
Domains and Domain Groups API
Redirect Rules API
Link Maps API
Link Map Entries API
Redirect Tests API
Concepts
Link Maps: Purpose, Behavior, and Safety
API endpoints
GET List domain groups
 POST Create domain group
 GET Get domain group
 PUT Update domain group
 DELETE Delete domain group
GET List domains
 POST Create domain
 GET Get domain
 PUT Update domain
 DELETE Delete domain
GET List link map entries
 POST Create link map entry
 DELETE Delete multiple link map entries by IDs
 GET Get link map entry
 PUT Update link map entry
 DELETE Delete link map entry
 POST Import link map entries
 POST Roll back imported link map entries
GET List link maps
 POST Create link map
 GET Get link map
 PUT Update link map
 DELETE Delete link map
GET Get organization usage summary
GET List redirect rules
 POST Create redirect rule
 GET Get redirect rule
 PUT Update redirect rule
 DELETE Delete redirect rule
 GET Get top redirect rules analytics
 POST Simulate redirect rule matching
GET List redirect tests
 POST Create redirect test
 GET Get redirect test
 PUT Update redirect test
 DELETE Delete redirect test
LinkShift docs
Guide
API reference

LinkShift Public API Guide

Authentication, scope, quotas, and API surface overview for LinkShift API keys.

Source: backend/docs/public-api/README.md

LinkShift Public API Guide

This guide explains how to use LinkShift programmatically with organization API keys.

Authentication

Send your API key in one of the following ways:

  1. Recommended header:
X-API-Key: <your_api_key>
  1. Alternative header format (also accepted by backend):
Authorization: ApiKey <your_api_key>

API Key Scope and Plan Behavior

  • API keys are scoped to an organization, not a single user.
  • API keys can manage redirect resources (domains, domain groups, redirect rules, link maps, link map entries, redirect tests).
  • API keys cannot access:
    • /api/v1/api-keys (key lifecycle is dashboard/user-auth only)
    • user-centric auth endpoints
    • billing and member-management endpoints

Free Plan Paywall

  • Free organizations may still create/manage API keys in dashboard.
  • Any API-key-authenticated call on Free plan returns 402 Payment Required.

Per-Key Rate Limits

Rate limits are enforced per API key:

  • Free: blocked by paywall before usage
  • Basic: 10 requests/minute/key
  • Pro: 50 requests/minute/key

This is separate from redirect runtime rate limiting used by public redirect traffic.

API Surface

OpenAPI Specification

Use the strict OpenAPI file:

  • backend/docs/openapi/linkshift-api-keys.openapi.yaml

Error Model

Error payloads are normalized and include:

  • code: HTTP-like numeric code
  • key: machine-readable key (for example payment_required)
  • message: short message
  • details: human-readable explanation (when available)
  • requestId: request correlation ID

Common status codes:

  • 401 invalid/missing API key
  • 402 free plan or subscription restrictions for API usage
  • 404 not found / out-of-scope resource
  • 409 conflict (for example duplicate domain)
  • 429 per-key rate limit exceeded