Short Links API

Create branded short links with aliases, expiry, passwords, click limits, and analytics.

API FAQ

Get API Key Buy Credits

Popular use-cases

Campaign tracking

Short, branded links for UTM-tagged campaigns you can rotate later.

QR codes

Print-friendly QR links for menus, events and offline media.

Password-protected

Gate sensitive docs with a simple password — no account required.

Endpoint:

99.9 % Uptime

— Response

25 req/s

0.002 Credits / request

Create Short Link (Basic)


POST https://api.yeb.to/v1/short-links/create-basic

Parameter	Type	Req.	Description
`api_key`	string	yes	Your API key
`original_url`	string	yes	Target URL (scheme auto-added if missing)
`alias`	string	opt	Human alias (1–100, [A-Za-z0-9\-_])
`short_code`	string	opt	Custom short code (else auto 7 chars)
`password`	string	opt	Optional access password
`expires_at`	ISO 8601	opt	Expiry timestamp
`click_limit`	int	opt	Max total clicks
`one_time`	bool	opt	Allow only a single click
`settings`	array<{key,value}>	opt	Custom metadata

Example

curl -X POST https://api.yeb.to/v1/short-links/create-basic \
  -H "Content-Type: application/json" \
  -d '{
  "api_key": "YOUR_KEY",
  "original_url": "https://example.com/pricing",
  "alias": "docs-demo"
}'

Response Example

{
  "data": {
    "original_url": "https://example.com/pricing",
    "short_code": "AB12CDE",
    "alias": "docs-demo",
    "public_url": "https://yeb.to/l/docs-demo",
    "expires_at": null,
    "click_limit": null,
    "one_time": false,
    "advanced_analytics": false,
    "total_clicks": 0,
    "created_at": "2025-01-01T12:00:00Z",
    "updated_at": "2025-01-01T12:00:00Z"
  }
}

{"error":"original_url is required","code":422}

Response Codes

Code	Description
200 Success	Request processed OK.
400 Bad Request	Input validation failed.
401 Unauthorized	Missing / wrong API key.
403 Forbidden	Key inactive or not allowed.
429 Rate Limit	Too many requests.
500 Server Error	Unexpected failure.

Create Short Link (Advanced)


POST https://api.yeb.to/v1/short-links/create-advanced

Parameter	Type	Req.	Description
`api_key`	string	yes	Your API key
`original_url`	string	yes	Target URL (scheme auto-added if missing)
`alias`	string	opt	Human alias (1–100, [A-Za-z0-9\-_])
`short_code`	string	opt	Custom short code (else auto 7 chars)
`password`	string	opt	Optional access password
`expires_at`	ISO 8601	opt	Expiry timestamp
`click_limit`	int	opt	Max total clicks
`one_time`	bool	opt	Allow only a single click
`settings`	array<{key,value}>	opt	Custom metadata

Example

curl -X POST https://api.yeb.to/v1/short-links/create-advanced \
  -H "Content-Type: application/json" \
  -d '{
  "api_key": "YOUR_KEY",
  "original_url": "https://example.com/pricing",
  "alias": "docs-demo",
  "click_limit": 100,
  "expires_at": "2025-12-31T23:59:00Z"
}'

Response Example

{
  "data": {
    "original_url": "https://example.com/pricing",
    "short_code": "AB12CDE",
    "alias": "docs-demo",
    "public_url": "https://yeb.to/l/docs-demo",
    "expires_at": "2025-12-31T23:59:00Z",
    "click_limit": 100,
    "one_time": false,
    "advanced_analytics": true,
    "total_clicks": 0,
    "created_at": "2025-01-01T12:00:00Z",
    "updated_at": "2025-01-01T12:00:00Z"
  }
}

{"error":"original_url is required","code":422}

Response Codes

Code	Description
200 Success	Request processed OK.
400 Bad Request	Input validation failed.
401 Unauthorized	Missing / wrong API key.
403 Forbidden	Key inactive or not allowed.
429 Rate Limit	Too many requests.
500 Server Error	Unexpected failure.

Get Short Link


POST https://api.yeb.to/v1/short-links/get

Parameter	Type	Req.	Description
`api_key`	string	yes	Your API key
`code`	string	yes	Alias or short_code

Example

curl -X POST https://api.yeb.to/v1/short-links/get \
  -H "Content-Type: application/json" \
  -d '{
  "api_key": "YOUR_KEY",
  "code": "docs-demo"
}'

Response Example

{
  "data": {
    "original_url": "https://example.com/pricing",
    "short_code": "AB12CDE",
    "alias": "docs-demo",
    "public_url": "https://yeb.to/l/docs-demo",
    "expires_at": null,
    "click_limit": null,
    "one_time": false,
    "advanced_analytics": false,
    "total_clicks": 0,
    "created_at": "2025-01-01T12:00:00Z",
    "updated_at": "2025-01-01T12:00:00Z"
  }
}

{"error":"Short link not found","code":404}

Response Codes

Code	Description
200 Success	Request processed OK.
400 Bad Request	Input validation failed.
401 Unauthorized	Missing / wrong API key.
403 Forbidden	Key inactive or not allowed.
429 Rate Limit	Too many requests.
500 Server Error	Unexpected failure.

Update Short Link


POST https://api.yeb.to/v1/short-links/update

Parameter	Type	Req.	Description
`api_key`	string	yes	Your API key
`code`	string	yes	Alias or short_code to update
`original_url`	string	opt	New target URL
`alias`	string	opt	New alias
`short_code`	string	opt	New short code
`password`	string	opt	Set password (empty string to clear)
`expires_at`	ISO 8601	opt	New expiry
`click_limit`	int	opt	New limit
`one_time`	bool	opt	Enable/disable single-use
`advanced_analytics`	bool	opt	Enable/disable advanced analytics
`settings`	array<{key,value}>	opt	Replace settings

Example

curl -X POST https://api.yeb.to/v1/short-links/update \
  -H "Content-Type: application/json" \
  -d '{
  "api_key": "YOUR_KEY",
  "code": "docs-demo",
  "click_limit": 100,
  "expires_at": "2025-12-31T23:59:00Z"
}'

Response Example

{
  "data": {
    "original_url": "https://example.com/pricing",
    "short_code": "AB12CDE",
    "alias": "docs-demo",
    "public_url": "https://yeb.to/l/docs-demo",
    "expires_at": "2025-12-31T23:59:00Z",
    "click_limit": 100,
    "one_time": false,
    "advanced_analytics": false,
    "total_clicks": 0,
    "created_at": "2025-01-01T12:00:00Z",
    "updated_at": "2025-01-10T12:00:00Z"
  }
}

{"error":"code is required","code":422}

Response Codes

Code	Description
200 Success	Request processed OK.
400 Bad Request	Input validation failed.
401 Unauthorized	Missing / wrong API key.
403 Forbidden	Key inactive or not allowed.
429 Rate Limit	Too many requests.
500 Server Error	Unexpected failure.

Delete Short Link


POST https://api.yeb.to/v1/short-links/delete

Parameter	Type	Req.	Description
`api_key`	string	yes	Your API key
`code`	string	yes	Alias or short_code

Example

curl -X POST https://api.yeb.to/v1/short-links/delete \
  -H "Content-Type: application/json" \
  -d '{
  "api_key": "YOUR_KEY",
  "code": "docs-demo"
}'

Response Example

{
  "data": { "deleted": true, "code": "docs-demo" }
}

{"error":"Short link not found","code":404}

Response Codes

Code	Description
200 Success	Request processed OK.
400 Bad Request	Input validation failed.
401 Unauthorized	Missing / wrong API key.
403 Forbidden	Key inactive or not allowed.
429 Rate Limit	Too many requests.
500 Server Error	Unexpected failure.

Short Link Stats


POST https://api.yeb.to/v1/short-links/stats

Parameter	Type	Req.	Description
`api_key`	string	yes	Your API key
`code`	string	yes	Alias or short_code
`period`	enum	opt	`7d` \| `30d` \| `90d` (default: `30d`)
`tz`	string	opt	Timezone label (informational)
`limit_recent`	int	opt	Recent clicks to return (0–200, default 20)

Example

curl -X POST https://api.yeb.to/v1/short-links/stats \
  -H "Content-Type: application/json" \
  -d '{
  "api_key": "YOUR_KEY",
  "code": "docs-demo",
  "period": "30d",
  "limit_recent": 10
}'

Response Example

{
  "data": {
    "code": "docs-demo",
    "from": "2025-01-01T00:00:00Z",
    "to": "2025-01-31T00:00:00Z",
    "tz": "UTC",
    "summary": {
      "total_clicks": 42,
      "last_click_at": "2025-01-30T20:05:00Z",
      "unique_countries": 8
    },
    "recent_clicks": [
      {"id":123,"ip":"1.2.3.4","user_agent":"...","ts":"2025-01-30T20:05:00Z"}
    ],
    "by_country": [{"key":"US","count":20}],
    "by_device": [{"key":"mobile","count":30}],
    "by_browser": [{"key":"Chrome","count":25}],
    "by_os": [{"key":"Android","count":18}]
  }
}

{"error":"code is required","code":422}

Response Codes

Code	Description
200 Success	Request processed OK.
400 Bad Request	Input validation failed.
401 Unauthorized	Missing / wrong API key.
403 Forbidden	Key inactive or not allowed.
429 Rate Limit	Too many requests.
500 Server Error	Unexpected failure.

Short Links API — Practical Guide

Create branded short links with optional password and expiry, manage aliases/codes safely, and read rich stats — without guessing which fields matter in production.

Last updated: 21 Nov 2025, 19:41 API Version: v1 Burst: 25 req/s Cost: 0.002 credits/req

#What this API solves

Teams usually need more than “shorten this URL”. You want safe naming (alias vs code), campaign controls (expiry, one-time, click limits, password), and readable stats that answer “what’s working?”. This suite provides exactly that — with two creation modes (basic vs advanced) so you only pay for analytics you actually use.

#Endpoints & when to use them

#`POST /v1/short-links/create-basic` — Create link (cheaper)

Best for: Operational links where you only need totals & last click (fast & low cost).
Output: advanced_analytics=false, total_clicks may be present; no per-country/device buckets.

#`POST /v1/short-links/create-advanced` — Create link with rich analytics

Best for: Campaigns where you’ll later slice by country, device, browser, OS.
Output: advanced_analytics=true. The stats endpoint returns buckets.

#`POST /v1/short-links/get` — Fetch by `alias` or `short_code`

Ownership enforced: You’ll only see links owned by your API key/user.

#`POST /v1/short-links/update` — Change URL/alias/code/limits

Conflicts handled: Server rejects duplicate alias/short_code across live & soft-deleted rows.
Settings: Passing settings replaces the whole key/value set (idempotent).

#`POST /v1/short-links/delete` — Soft delete by code

Tip: Deleted aliases/codes still count for conflict checks to prevent accidental reuse collisions.

#`POST /v1/short-links/stats` — Summary & buckets

Period: 7d | 30d | 90d (default 30d).
Recent clicks: up to 200 latest (limit_recent).
Buckets: Country/Device/Browser/OS (when advanced_analytics=true).
Password metrics: When derivable, returns password_page_views_* and password_attempts_total.
Debug mode: Include "debug":true to surface query diagnostics in the response.

#Quick start

# Create a basic link
curl -sX POST "https://api.yeb.to/v1/short-links/create-basic" \
 -H "Accept: application/json" -H "Content-Type: application/json" \
 -d '{ "api_key":"<YOUR_KEY>", "original_url":"https://example.com/pricing", "alias":"docs-demo" }'

# Retrieve stats (30d default) with 10 recent clicks
curl -sX POST "https://api.yeb.to/v1/short-links/stats" \
 -H "Accept: application/json" -H "Content-Type: application/json" \
 -d '{ "api_key":"<YOUR_KEY>", "code":"docs-demo", "limit_recent":10 }'

#Full “everything on” request (covers most options)

Turn features on, then trim to your needs.

POST /v1/short-links/create-advanced
{
  "api_key": "YOUR_KEY",
  "original_url": "https://example.com/launch?utm_source=short",
  "alias": "docs-advanced-demo",
  "short_code": "AB12CDE",
  "password": "letmein",
  "expires_at": "2025-12-31T23:59:00Z",
  "click_limit": 1000,
  "one_time": false,
  "advanced_analytics": true,
  "settings": [
    {"key":"campaign","value":"winter-2025"},
    {"key":"owner","value":"growth-team"}
  ]
}

#Parameters that actually matter

Create / Update

Param	Type	Required	Practical guidance
`original_url`	string (URL)	Yes (create)	Scheme auto-added if missing; keep UTM here for external analytics.
`alias`	string	No	Readable path (e.g., `/l/black-friday`). Great for campaigns.
`short_code`	string	No	Fixed-length code. If omitted, server generates 7 chars. Use for printed collateral.
`password`	string	No	Gate sensitive pages. On update, send empty string to clear.
`expires_at`	ISO 8601	No	Hard stop for promo windows. Combine with stats to prune stale links.
`click_limit`	int	No	Cap total visits (e.g., limited seats). Pair with `one_time` for single-use passes.
`one_time`	bool	No	First successful click consumes the link.
`advanced_analytics`	bool	No	Enable per-country/device/browser/OS buckets in `/stats`.
`settings`	array<{key,value}>	No	Free-form metadata. On update, the set is replaced atomically.

Stats request

Param	Type	Required	Notes
`code`	string	Yes	Either the `alias` or the `short_code`.
`period`	enum	No	`7d` \| `30d` \| `90d` (default `30d`).
`limit_recent`	int	No	0–200 (default 20). Returns latest clicks with IP/UA timestamped.
`tz`	string	No	Informational field echoed back (visualization hint).
`debug`	bool	No	`true` adds query diagnostics to response (helpful in staging).

#Reading & acting on responses

Create (basic vs advanced)

{
  "data": {
    "original_url": "https://example.com/pricing",
    "short_code": "AB12CDE",
    "alias": "docs-demo",
    "public_url": "https://yeb.to/l/docs-demo",
    "expires_at": null,
    "click_limit": null,
    "one_time": false,
    "advanced_analytics": false,
    "total_clicks": 0,
    "created_at": "2025-01-01T12:00:00Z",
    "updated_at": "2025-01-01T12:00:00Z"
  }
}

Print/embed: Use public_url on sites or QR codes.
Auditing: Keep alias and short_code in your DB for future updates.

Get / Update

{
  "data": {
    "original_url": "https://example.com/pricing",
    "short_code": "AB12CDE",
    "alias": "docs-demo",
    "public_url": "https://yeb.to/l/docs-demo",
    "expires_at": "2025-12-31T23:59:00Z",
    "click_limit": 100,
    "one_time": false,
    "advanced_analytics": false,
    "total_clicks": 0,
    "created_at": "2025-01-01T12:00:00Z",
    "updated_at": "2025-01-10T12:00:00Z"
  }
}

Conflicts: If you change alias or short_code to one that exists (even soft-deleted), you’ll get a 422 explaining the conflict.
Password: On update, send empty string to clear. Non-empty strings are stored hashed.

Stats

{
  "data": {
    "code": "docs-demo",
    "from": "2025-01-01T00:00:00Z",
    "to":   "2025-01-31T00:00:00Z",
    "tz": "UTC",
    "summary": {
      "total_clicks": 42,
      "last_click_at": "2025-01-30T20:05:00Z",
      "unique_countries": 8,
      "password_page_views_total": 12,
      "password_page_views_unique": 10,
      "password_attempts_total": 3
    },
    "recent_clicks": [
      {"ip":"1.2.3.4","user_agent":"...","ts":"2025-01-30T20:05:00Z"}
    ],
    "by_country": [{"key":"US","count":20}],
    "by_device":  [{"key":"mobile","count":30}],
    "by_browser": [{"key":"Chrome","count":25}],
    "by_os":      [{"key":"Android","count":18}]
  }
}

Basic vs Advanced: Buckets populate only when the link was created with advanced_analytics=true and underlying tables exist.
Recent list: Use it for moderation/debugging; don’t store full UA/IP long-term if you don’t need them.

#Practical recipes

Campaign naming: Use alias for human-readable slugs (/l/summer-sale), keep short_code for printed QR where length matters.
Time-boxed promos: Set expires_at and click_limit. After the window, update the link to a “campaign over” page.
Single-use access: Combine one_time=true with a password. Track attempts via /stats password metrics.
Attribution: Include UTMs in original_url. The API doesn’t change your query string.
Governance: Store settings like campaign, owner, cost_center for internal reporting.

#Errors & safeguards

422 — Validation (missing original_url, code, or alias/code conflict).
404 — Not found (wrong code or not owned by your key/user).
Ownership: All read/write endpoints scope by API key/user; non-owned links behave as “not found”.

#API Changelog (Short Links)

2025-11-05

Stats diagnostics. Added optional debug flag to /stats response for query introspection.

2025-11-03

Password telemetry. Surfacing password_page_views_* and password_attempts_total when derivable.

2025-10-28

Conflict hardening. Update now checks duplicates across live & soft-deleted links; clearer 422 messages.

2025-10-20

Advanced analytics path. Split creation into create-basic and create-advanced with bucketed stats support.

Use the endpoint playgrounds on this page to test payloads and lock defaults (alias pattern, expiry policy, analytics mode).

#Copy-ready cURL (common flows)

# Create (basic)
curl -sX POST "https://api.yeb.to/v1/short-links/create-basic" -H "Content-Type: application/json" \
 -d '{"api_key":"YOUR_KEY","original_url":"https://example.com/pricing","alias":"docs-demo"}'

# Create (advanced)
curl -sX POST "https://api.yeb.to/v1/short-links/create-advanced" -H "Content-Type: application/json" \
 -d '{"api_key":"YOUR_KEY","original_url":"https://example.com/pricing","alias":"docs-demo","click_limit":100,"expires_at":"2025-12-31T23:59:00Z"}'

# Get
curl -sX POST "https://api.yeb.to/v1/short-links/get" -H "Content-Type: application/json" \
 -d '{"api_key":"YOUR_KEY","code":"docs-demo"}'

# Update
curl -sX POST "https://api.yeb.to/v1/short-links/update" -H "Content-Type: application/json" \
 -d '{"api_key":"YOUR_KEY","code":"docs-demo","click_limit":100,"expires_at":"2025-12-31T23:59:00Z"}'

# Stats
curl -sX POST "https://api.yeb.to/v1/short-links/stats" -H "Content-Type: application/json" \
 -d '{"api_key":"YOUR_KEY","code":"docs-demo","period":"30d","limit_recent":10}'

# Delete
curl -sX POST "https://api.yeb.to/v1/short-links/delete" -H "Content-Type: application/json" \
 -d '{"api_key":"YOUR_KEY","code":"docs-demo"}'

Frequently Asked Questions

MaxMind GeoLite2 data is typically accurate to city level for 65–70% of IPv4 addresses worldwide.

For privacy and simplicity we normalize all “not available” states (expired, consumed, disabled, click limit reached) to 404.

Yes, if the new alias/short_code is unique across both columns. The API enforces global uniqueness.

Default burst is 20 req/s per API key (may vary by plan). Daily and monthly quotas can also apply.

Creating a link consumes credits. Viewing stats does as well. Password views/attempts themselves are recorded but do not individually bill.

Uniques are approximated by distinct IP addresses observed before the current event.

Only you. Access checks match your user_id (web) or any API key you own (API). Requests from others resolve as 404.

Yes. Every request, even those resulting in errors, consumes credits. This is because your credits are tied to the number of requests, regardless of success or failure. If the error is clearly due to a platform problem on our end, we will restore the affected credits (no cash refunds).

Contact us at [email protected]. We take feedback seriously—if your bug report or feature request is meaningful, we can fix or improve the API quickly and grant you 50 free credits as a thank you.

It depends on the API and sometimes even on the endpoint. Some endpoints use data from external sources, which may have stricter limits. We also enforce limits to prevent abuse and keep our platform stable. Check the docs for the specific rate limit for each endpoint.

We operate on a credit system. Credits are prepaid, non-refundable units you spend on API calls and tools. Credits are consumed FIFO (oldest first) and are valid for 12 months from the purchase date. The dashboard shows each purchase date and its expiry.

Yes. All purchased credits (including fractional balances) are valid for 12 months from purchase. Unused credits automatically expire and are permanently deleted at the end of the validity period. Expired credits cannot be restored or converted to cash or other value. Transitional rule: credits bought before 22 Sep 2025 are treated as purchased on 22 Sep 2025 and expire on 22 Sep 2026 (unless an earlier expiry was stated at purchase).

Yes—within their validity window. Unused credits remain available and roll over month-to-month until they expire 12 months after purchase.

Credits are non-refundable. Only buy what you need—you can always top up later. If a platform-side error causes a failed charge, we may restore the affected credits after investigation. No cash refunds.

Prices are set in credits, not dollars. Each endpoint lists its own cost—see the “Credits / request” badge above. You’ll always know exactly what you’re spending.

← Back to APIs

Get credits to unlock premium content and features

Customer Type

Billing Country

Short Links API

Popular use-cases

Campaign tracking

QR codes

Password-protected

Create Short Link (Basic)

Example

Response Example

Response Codes

Create Short Link (Advanced)

Example

Response Example

Response Codes

Get Short Link

Example

Response Example

Response Codes

Update Short Link

Example

Response Example

Response Codes

Delete Short Link

Example

Response Example

Response Codes

Short Link Stats

Example

Response Example

Response Codes

Short Links API — Practical Guide

#What this API solves

#Endpoints & when to use them

#POST /v1/short-links/create-basic — Create link (cheaper)

#POST /v1/short-links/create-advanced — Create link with rich analytics

#POST /v1/short-links/get — Fetch by alias or short_code

#POST /v1/short-links/update — Change URL/alias/code/limits

#POST /v1/short-links/delete — Soft delete by code

#POST /v1/short-links/stats — Summary & buckets

#Quick start

#Full “everything on” request (covers most options)

#Parameters that actually matter

Create / Update

Stats request

#Reading & acting on responses

Create (basic vs advanced)

Get / Update

Stats

#Practical recipes

#Errors & safeguards

#API Changelog (Short Links)

#Copy-ready cURL (common flows)

Frequently Asked Questions

How accurate is the city-level database?

Why do expired or one-time links return 404 instead of 410?

Can I change the alias later?

What is the rate limit?

Do password page views or attempts consume extra credits?

How do you count unique clicks?

Who can access my link data?

Do requests with errors count and cost credits?

I found a bug or want customizations in the APIs. What do I do?

What is the rate limit?

How does payment and usage work?

Do credits expire?

Do unused credits roll over?

Do you offer refunds?

How much does each API call cost?

#`POST /v1/short-links/create-basic` — Create link (cheaper)

#`POST /v1/short-links/create-advanced` — Create link with rich analytics

#`POST /v1/short-links/get` — Fetch by `alias` or `short_code`

#`POST /v1/short-links/update` — Change URL/alias/code/limits

#`POST /v1/short-links/delete` — Soft delete by code

#`POST /v1/short-links/stats` — Summary & buckets